* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2016-12-05 22:20 Mike Frysinger
0 siblings, 0 replies; 12+ messages in thread
From: Mike Frysinger @ 2016-12-05 22:20 UTC (permalink / raw
To: gentoo-commits
commit: 46e0b1d2b5a8babfa822438be2bc77daafc22057
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 5 22:18:52 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Dec 5 22:20:19 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46e0b1d2
sys-apps/shadow: version bump to 4.4 #580432
sys-apps/shadow/Manifest | 1 +
sys-apps/shadow/files/shadow-4.4-prototypes.patch | 42 ++++
sys-apps/shadow/files/shadow-4.4-su-snprintf.patch | 29 +++
sys-apps/shadow/shadow-4.4.ebuild | 213 +++++++++++++++++++++
4 files changed, 285 insertions(+)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 79bdd08..81eedeb 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,2 +1,3 @@
DIST shadow-4.1.5.1.tar.bz2 2193325 SHA256 aa32333748d68b58ed3a83625f0165e0f6b9dc4639e6377c9300c6bf4fe978fb SHA512 c3bc605de1ca5b774b80d0d92cef5d4c0d5b4a206acadcf5a819f195453093bfe7990d7e32b98799180847ae4fadecfc7876c8ee7297f343acce2230d805d02c WHIRLPOOL 08751597b5b57057f0a3141be97204df49fada25adf0a9f43106a4099ce1b06fec6e90592e43ff1d789bf0a7e16a40b45f29830879ea5c71e9f5a1a81e7a7357
DIST shadow-4.2.1.tar.xz 1594536 SHA256 3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41 SHA512 7a14bf8e08126f0402e37b6e4c559615ced7cf829e39156d929ed05cd8813de48a77ff1f7f6fe707da04cf662a2e9e84c22d63d88dd1ed13f935fde594db95f0 WHIRLPOOL 032857f5fae8486cc3dd11303bfa7da55019000ce8ad7bac2f398f9f9764c8659e20a1547d05c5e4f366db749a52afb3083017faf14f6a72ee48345dcd1f86aa
+DIST shadow-4.4.tar.gz 3706812 SHA256 2398fe436e548786c17ec387b4c41f5339f72ec9ee2f3f7a6e0cc2cb240bb482 SHA512 c1e0f65a4fbd0f9d8de38e488b4a374cac5c476180e233269fc666988d9201c0dcc694605c5e54d54f81039c2e30c95b14c12f10adef749a45cc31f0b4b5d5a6 WHIRLPOOL a22fc0f90ec0623cbbcef253378a16ad605cf71345074880e3fd12fb5914058d3e721f378730c9684497cc597595b7defc7e710206268ae320a090c8c35fd41e
diff --git a/sys-apps/shadow/files/shadow-4.4-prototypes.patch b/sys-apps/shadow/files/shadow-4.4-prototypes.patch
new file mode 100644
index 00000000..5209a29
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.4-prototypes.patch
@@ -0,0 +1,42 @@
+https://github.com/shadow-maint/shadow/pull/53
+
+From 32c0b283ef5d68b63e4ec05fb22ed0db938fea67 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Mon, 5 Dec 2016 17:15:29 -0500
+Subject: [PATCH] include getdef.h for getdef_bool prototype
+
+Otherwise we get build warnings like:
+sgroupio.c:255:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
+shadowio.c:131:6: warning: implicit declaration of function 'getdef_bool' [-Wimplicit-function-declaration]
+---
+ lib/sgroupio.c | 1 +
+ lib/shadowio.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/lib/sgroupio.c b/lib/sgroupio.c
+index f2685779a12b..5423626a01da 100644
+--- a/lib/sgroupio.c
++++ b/lib/sgroupio.c
+@@ -40,6 +40,7 @@
+ #include "prototypes.h"
+ #include "defines.h"
+ #include "commonio.h"
++#include "getdef.h"
+ #include "sgroupio.h"
+
+ /*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
+diff --git a/lib/shadowio.c b/lib/shadowio.c
+index 6e44ab24d69c..5fa3d312bbf9 100644
+--- a/lib/shadowio.c
++++ b/lib/shadowio.c
+@@ -40,6 +40,7 @@
+ #include <shadow.h>
+ #include <stdio.h>
+ #include "commonio.h"
++#include "getdef.h"
+ #include "shadowio.h"
+ #ifdef WITH_TCB
+ #include <tcb.h>
+--
+2.11.0.rc2
+
diff --git a/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch b/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch
new file mode 100644
index 00000000..45667c8
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.4-su-snprintf.patch
@@ -0,0 +1,29 @@
+fix from upstream
+
+From 67d2bb6e0a5ac124ce1f026dd5723217b1493194 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Sun, 18 Sep 2016 21:31:18 -0500
+Subject: [PATCH] su.c: fix missing length argument to snprintf
+
+---
+ src/su.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/su.c b/src/su.c
+index 0c50a9456afd..93ffd2fbe2b4 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -373,8 +373,8 @@ static void prepare_pam_close_session (void)
+ stderr);
+ (void) kill (-pid_child, caught);
+
+- snprintf (kill_msg, _(" ...killed.\n"));
+- snprintf (wait_msg, _(" ...waiting for child to terminate.\n"));
++ snprintf (kill_msg, 256, _(" ...killed.\n"));
++ snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
+ (void) alarm (2);
+--
+2.11.0.rc2
+
diff --git a/sys-apps/shadow/shadow-4.4.ebuild b/sys-apps/shadow/shadow-4.4.ebuild
new file mode 100644
index 00000000..900c60b
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.4.ebuild
@@ -0,0 +1,213 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils libtool toolchain-funcs pam multilib
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="acl audit cracklib nls pam selinux skey xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+IUSE+=" $(printf 'linguas_%s ' ${LANGS[*]})"
+
+RDEPEND="acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ pam? ( virtual/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ nls? ( virtual/libintl )
+ xattr? ( sys-apps/attr:0= )"
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ nls? ( sys-devel/gettext )"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20150213 )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch
+ "${FILESDIR}"/${P}-su-snprintf.patch
+ "${FILESDIR}"/${P}-prototypes.patch
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+ epatch_user
+ #eautoreconf
+ elibtoolize
+}
+
+src_configure() {
+ tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes
+ econf \
+ --without-group-name-max-length \
+ --without-tcb \
+ --enable-shared=no \
+ --enable-static=yes \
+ $(use_with acl) \
+ $(use_with audit) \
+ $(use_with cracklib libcrack) \
+ $(use_with pam libpam) \
+ $(use_with skey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ $(use_with elibc_glibc nscd) \
+ $(use_with xattr attr)
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ use linguas_${l} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=$1 val=$2
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ # move passwd to / to help recover broke systems #64441
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym /bin/passwd /usr/bin/passwd
+
+ cd "${S}"
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chpasswd chgpasswd newusers; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chage chsh chfn \
+ user{add,del,mod} group{add,del,mod} ; do
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+ done
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd,su} || die
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man \
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}"
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2016-12-06 10:35 Lars Wendler
0 siblings, 0 replies; 12+ messages in thread
From: Lars Wendler @ 2016-12-06 10:35 UTC (permalink / raw
To: gentoo-commits
commit: 6d77df88eaeaf655fe420153b0a77d931bdefa31
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 6 10:35:00 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Dec 6 10:35:00 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d77df88
sys-apps/shadow: Fixed loading of defaults (bug #601802).
Package-Manager: portage-2.3.3
.../shadow/files/shadow-4.4-load_defaults.patch | 37 ++++++++++++++++++++++
.../{shadow-4.4.ebuild => shadow-4.4-r1.ebuild} | 2 ++
2 files changed, 39 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.4-load_defaults.patch b/sys-apps/shadow/files/shadow-4.4-load_defaults.patch
new file mode 100644
index 00000000..4c0b84f
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.4-load_defaults.patch
@@ -0,0 +1,37 @@
+From 507f96cdeb54079fb636c7ce21e371f7a16a520e Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 25 Aug 2016 11:20:34 +0200
+Subject: [PATCH] Fix regression in useradd not loading defaults properly.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The get_defaults() has to be called before processing the flags.
+
+Signed-off-by: Tomáš Mráz <tmraz@fedoraproject.org>
+---
+ src/useradd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index fefa234..6c43e7e 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -2027,6 +2027,8 @@ int main (int argc, char **argv)
+ is_shadow_grp = sgr_file_present ();
+ #endif
+
++ get_defaults ();
++
+ process_flags (argc, argv);
+
+ #ifdef ENABLE_SUBIDS
+@@ -2036,8 +2038,6 @@ int main (int argc, char **argv)
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
+ #endif /* ENABLE_SUBIDS */
+
+- get_defaults ();
+-
+ #ifdef ACCT_TOOLS_SETUID
+ #ifdef USE_PAM
+ {
diff --git a/sys-apps/shadow/shadow-4.4.ebuild b/sys-apps/shadow/shadow-4.4-r1.ebuild
similarity index 99%
rename from sys-apps/shadow/shadow-4.4.ebuild
rename to sys-apps/shadow/shadow-4.4-r1.ebuild
index 900c60b..4c302d8 100644
--- a/sys-apps/shadow/shadow-4.4.ebuild
+++ b/sys-apps/shadow/shadow-4.4-r1.ebuild
@@ -1,5 +1,6 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
+# $Id$
EAPI="5"
@@ -38,6 +39,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-4.1.3-dots-in-usernames.patch
"${FILESDIR}"/${P}-su-snprintf.patch
"${FILESDIR}"/${P}-prototypes.patch
+ "${FILESDIR}"/${P}-load_defaults.patch
)
src_prepare() {
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2018-02-17 12:50 Lars Wendler
0 siblings, 0 replies; 12+ messages in thread
From: Lars Wendler @ 2018-02-17 12:50 UTC (permalink / raw
To: gentoo-commits
commit: 78e50f251c0ad49437a4146dc2bdd1552a88fe04
Author: Michael Vetter <jubalh <AT> iodoru <DOT> org>
AuthorDate: Fri Feb 16 11:22:10 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Feb 17 12:50:11 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78e50f25
sys-apps/shadow: Fix CVE-2018-7169
Fix CVE-2018-7169 by applying upstream patch:
https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0
Bug: https://bugs.gentoo.org/647790
Package-Manager: Portage-2.3.19, Repoman-2.3.6
Closes: https://github.com/gentoo/gentoo/pull/7203
.../shadow/files/shadow-4.5-CVE-2018-7169.patch | 180 ++++++++++++++++++
sys-apps/shadow/shadow-4.5-r1.ebuild | 210 +++++++++++++++++++++
2 files changed, 390 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.5-CVE-2018-7169.patch b/sys-apps/shadow/files/shadow-4.5-CVE-2018-7169.patch
new file mode 100644
index 00000000000..30ad9e61406
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.5-CVE-2018-7169.patch
@@ -0,0 +1,180 @@
+From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 15 Feb 2018 23:49:40 +1100
+Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group
+
+This is necessary to match the kernel-side policy of "self-mapping in a
+user namespace is fine, but you cannot drop groups" -- a policy that was
+created in order to stop user namespaces from allowing trivial privilege
+escalation by dropping supplementary groups that were "blacklisted" from
+certain paths.
+
+This is the simplest fix for the underlying issue, and effectively makes
+it so that unless a user has a valid mapping set in /etc/subgid (which
+only administrators can modify) -- and they are currently trying to use
+that mapping -- then /proc/$pid/setgroups will be set to deny. This
+workaround is only partial, because ideally it should be possible to set
+an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
+administrators to further restrict newgidmap(1).
+
+We also don't write anything in the "allow" case because "allow" is the
+default, and users may have already written "deny" even if they
+technically are allowed to use setgroups. And we don't write anything if
+the setgroups policy is already "deny".
+
+Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
+Fixes: CVE-2018-7169
+Reported-by: Craig Furman <craig.furman89@gmail.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 80 insertions(+), 9 deletions(-)
+
+diff --git a/src/newgidmap.c b/src/newgidmap.c
+index b1e33513..59a2e75c 100644
+--- a/src/newgidmap.c
++++ b/src/newgidmap.c
+@@ -46,32 +46,37 @@
+ */
+ const char *Prog;
+
+-static bool verify_range(struct passwd *pw, struct map_range *range)
++
++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
+ {
+ /* An empty range is invalid */
+ if (range->count == 0)
+ return false;
+
+- /* Test /etc/subgid */
+- if (have_sub_gids(pw->pw_name, range->lower, range->count))
++ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
++ *allow_setgroups = true;
+ return true;
++ }
+
+- /* Allow a process to map its own gid */
+- if ((range->count == 1) && (pw->pw_gid == range->lower))
++ /* Allow a process to map its own gid. */
++ if ((range->count == 1) && (pw->pw_gid == range->lower)) {
++ /* noop -- if setgroups is enabled already we won't disable it. */
+ return true;
++ }
+
+ return false;
+ }
+
+ static void verify_ranges(struct passwd *pw, int ranges,
+- struct map_range *mappings)
++ struct map_range *mappings, bool *allow_setgroups)
+ {
+ struct map_range *mapping;
+ int idx;
+
+ mapping = mappings;
+ for (idx = 0; idx < ranges; idx++, mapping++) {
+- if (!verify_range(pw, mapping)) {
++ if (!verify_range(pw, mapping, allow_setgroups)) {
+ fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
+ Prog,
+ mapping->upper,
+@@ -89,6 +94,70 @@ static void usage(void)
+ exit(EXIT_FAILURE);
+ }
+
++void write_setgroups(int proc_dir_fd, bool allow_setgroups)
++{
++ int setgroups_fd;
++ char *policy, policy_buffer[4096];
++
++ /*
++ * Default is "deny", and any "allow" will out-rank a "deny". We don't
++ * forcefully write an "allow" here because the process we are writing
++ * mappings for may have already set themselves to "deny" (and "allow"
++ * is the default anyway). So allow_setgroups == true is a noop.
++ */
++ policy = "deny\n";
++ if (allow_setgroups)
++ return;
++
++ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
++ if (setgroups_fd < 0) {
++ /*
++ * If it's an ENOENT then we are on too old a kernel for the setgroups
++ * code to exist. Emit a warning and bail on this.
++ */
++ if (ENOENT == errno) {
++ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
++ goto out;
++ }
++ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
++ Prog,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++
++ /*
++ * Check whether the policy is already what we want. /proc/self/setgroups
++ * is write-once, so attempting to write after it's already written to will
++ * fail.
++ */
++ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
++ fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
++ Prog,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++ if (!strncmp(policy_buffer, policy, strlen(policy)))
++ goto out;
++
++ /* Write the policy. */
++ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
++ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
++ Prog,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++ if (dprintf(setgroups_fd, "%s", policy) < 0) {
++ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
++ Prog,
++ policy,
++ strerror(errno));
++ exit(EXIT_FAILURE);
++ }
++
++out:
++ close(setgroups_fd);
++}
++
+ /*
+ * newgidmap - Set the gid_map for the specified process
+ */
+@@ -103,6 +172,7 @@ int main(int argc, char **argv)
+ struct stat st;
+ struct passwd *pw;
+ int written;
++ bool allow_setgroups = false;
+
+ Prog = Basename (argv[0]);
+
+@@ -145,7 +215,7 @@ int main(int argc, char **argv)
+ (unsigned long) getuid ()));
+ return EXIT_FAILURE;
+ }
+-
++
+ /* Get the effective uid and effective gid of the target process */
+ if (fstat(proc_dir_fd, &st) < 0) {
+ fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
+@@ -177,8 +247,9 @@ int main(int argc, char **argv)
+ if (!mappings)
+ usage();
+
+- verify_ranges(pw, ranges, mappings);
++ verify_ranges(pw, ranges, mappings, &allow_setgroups);
+
++ write_setgroups(proc_dir_fd, allow_setgroups);
+ write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
+ sub_gid_close();
+
diff --git a/sys-apps/shadow/shadow-4.5-r1.ebuild b/sys-apps/shadow/shadow-4.5-r1.ebuild
new file mode 100644
index 00000000000..f13b863620e
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.5-r1.ebuild
@@ -0,0 +1,210 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils libtool pam multilib
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow http://pkg-shadow.alioth.debian.org/"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="acl audit +cracklib nls pam selinux skey xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+
+RDEPEND="acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ pam? ( virtual/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ nls? ( virtual/libintl )
+ xattr? ( sys-apps/attr:0= )"
+DEPEND="${RDEPEND}
+ app-arch/xz-utils
+ nls? ( sys-devel/gettext )"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20150213 )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
+ "${FILESDIR}/${P}-CVE-2018-7169.patch"
+)
+
+src_prepare() {
+ epatch "${PATCHES[@]}"
+ epatch_user
+ #eautoreconf
+ elibtoolize
+}
+
+src_configure() {
+ econf \
+ --without-group-name-max-length \
+ --without-tcb \
+ --enable-shared=no \
+ --enable-static=yes \
+ $(use_with acl) \
+ $(use_with audit) \
+ $(use_with cracklib libcrack) \
+ $(use_with pam libpam) \
+ $(use_with skey) \
+ $(use_with selinux) \
+ $(use_enable nls) \
+ $(use_with elibc_glibc nscd) \
+ $(use_with xattr attr)
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=$1 val=$2
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ # move passwd to / to help recover broke systems #64441
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym /bin/passwd /usr/bin/passwd
+
+ cd "${S}"
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chpasswd chgpasswd newusers; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chage chsh chfn \
+ user{add,del,mod} group{add,del,mod} ; do
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+ done
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd,su} || die
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man \
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}"
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2019-11-19 10:37 Lars Wendler
0 siblings, 0 replies; 12+ messages in thread
From: Lars Wendler @ 2019-11-19 10:37 UTC (permalink / raw
To: gentoo-commits
commit: 30c4a8ad9c4fc913b0fc0b2530d9d03ded040852
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 19 10:36:19 2019 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Nov 19 10:37:04 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c4a8ad
sys-apps/shadow: Introduced "su" USE flag
Moved passwd from /usr/bin to /bin (again) as it breaks at least
one package that has passwd path hardcoded (net-misc/scponly)
Thanks-to: fling <fling <AT> member.fsf.org>
Bug: https://bugs.gentoo.org/699930
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
sys-apps/shadow/files/shadow-4.7-optional_su.patch | 130 ++++++++++++
sys-apps/shadow/metadata.xml | 3 +
sys-apps/shadow/shadow-4.7-r2.ebuild | 234 +++++++++++++++++++++
3 files changed, 367 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.7-optional_su.patch b/sys-apps/shadow/files/shadow-4.7-optional_su.patch
new file mode 100644
index 00000000000..47284646077
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.7-optional_su.patch
@@ -0,0 +1,130 @@
+From ddb0553b2e559fd431fe8b460c37cb7fef8c06ee Mon Sep 17 00:00:00 2001
+From: Lars Wendler <polynomial-c@gentoo.org>
+Date: Tue, 19 Nov 2019 10:57:06 +0100
+Subject: [PATCH] build: Make build/installation of su and its support files
+ optional
+
+Enabled by default
+This is necessary because coreutils and util-linux can also provide su
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+---
+ configure.ac | 7 +++++++
+ etc/pam.d/Makefile.am | 7 +++++--
+ man/Makefile.am | 5 ++++-
+ src/Makefile.am | 10 ++++++++--
+ 4 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 67625564..5629df98 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -286,6 +286,9 @@ AC_ARG_WITH(sssd,
+ AC_ARG_WITH(group-name-max-length,
+ [AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
+ [with_group_name_max_length=$withval], [with_group_name_max_length=yes])
++AC_ARG_WITH(su,
++ [AC_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
++ [with_su=$withval], [with_su=yes])
+
+ if test "$with_group_name_max_length" = "no" ; then
+ with_group_name_max_length=0
+@@ -313,6 +316,9 @@ if test "$with_sssd" = "yes"; then
+ [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
+ fi
+
++AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
++AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
++
+ dnl Check for some functions in libc first, only if not found check for
+ dnl other libraries. This should prevent linking libnsl if not really
+ dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
+@@ -719,4 +725,5 @@ echo " nscd support: $with_nscd"
+ echo " sssd support: $with_sssd"
+ echo " subordinate IDs support: $enable_subids"
+ echo " use file caps: $with_fcaps"
++echo " install su: $with_su"
+ echo
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index d967eb95..38ff26ae 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -6,8 +6,7 @@ pamd_files = \
+ chsh \
+ groupmems \
+ login \
+- passwd \
+- su
++ passwd
+
+ pamd_acct_tools_files = \
+ chage \
+@@ -29,4 +28,8 @@ pamd_DATA += $(pamd_acct_tools_files)
+ endif
+ endif
+
++if WITH_SU
++pamd_files += su
++endif
++
+ EXTRA_DIST = $(pamd_files) $(pamd_acct_tools_files)
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 3f040e05..8b64feba 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -41,7 +41,6 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+@@ -54,6 +53,10 @@ man_nopam = \
+ man5/login.access.5 \
+ man5/porttime.5
+
++if WITH_SU
++man_MANS += man1/su.1
++endif
++
+ if !USE_PAM
+ man_MANS += $(man_nopam)
+ endif
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 34690ced..06ee9545 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -23,12 +23,15 @@ AM_CPPFLAGS = \
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login su
++bin_PROGRAMS = groups login
+ sbin_PROGRAMS = nologin
+ ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
++if WITH_SU
++bin_PROGRAMS += su
++endif
+ usbin_PROGRAMS = \
+ chgpasswd \
+ chpasswd \
+@@ -52,8 +55,11 @@ usbin_PROGRAMS = \
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+-suidbins = su
++suidbins =
+ suidubins = chage chfn chsh expiry gpasswd newgrp
++if WITH_SU
++suidbins += su
++endif
+ if !WITH_TCB
+ suidubins += passwd
+ endif
+--
+2.24.0
+
diff --git a/sys-apps/shadow/metadata.xml b/sys-apps/shadow/metadata.xml
index 623e134e275..a69630c7b1e 100644
--- a/sys-apps/shadow/metadata.xml
+++ b/sys-apps/shadow/metadata.xml
@@ -5,6 +5,9 @@
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
+ <use>
+ <flag name="su">build the su program</flag>
+ </use>
<!-- only for USE=pam -->
<upstream>
<remote-id type="cpe">cpe:/a:debian:shadow</remote-id>
diff --git a/sys-apps/shadow/shadow-4.7-r2.ebuild b/sys-apps/shadow/shadow-4.7-r2.ebuild
new file mode 100644
index 00000000000..b75f9599e1c
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.7-r2.ebuild
@@ -0,0 +1,234 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools libtool pam
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86"
+IUSE="acl audit +cracklib nls pam selinux skey split-usr +su xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+
+DEPEND="
+ acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ nls? ( virtual/libintl )
+ pam? ( sys-libs/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ su? ( !sys-apps/util-linux[su] )
+ xattr? ( sys-apps/attr:0= )
+"
+BDEPEND="
+ app-arch/xz-utils
+ nls? ( sys-devel/gettext )
+"
+RDEPEND="
+ ${DEPEND}
+ pam? ( >=sys-auth/pambase-20150213 )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
+ "${FILESDIR}/${PN}-4.7-optional_su.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+ #elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --with-btrfs
+ --without-group-name-max-length
+ --without-tcb
+ --enable-shared=no
+ --enable-static=yes
+ $(use_enable nls)
+ $(use_with acl)
+ $(use_with audit)
+ $(use_with cracklib libcrack)
+ $(use_with elibc_glibc nscd)
+ $(use_with pam libpam)
+ $(use_with selinux)
+ $(use_with skey)
+ $(use_with su)
+ $(use_with xattr attr)
+ )
+ econf "${myeconfargs[@]}"
+
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=$1 val=$2
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ if use split-usr ; then
+ # move passwd to / to help recover broke systems #64441
+ # We cannot simply remove this or else net-misc/scponly
+ # and other tools will break because of hardcoded passwd
+ # location
+ dodir /bin
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym ../../bin/passwd /usr/bin/passwd
+ fi
+
+ cd "${S}" || die
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chpasswd chgpasswd newusers; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chage chsh chfn \
+ user{add,del,mod} group{add,del,mod} ; do
+ newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
+ done
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man -type f \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd} || die
+ if use su ; then
+ rm "${ED}"/etc/pam.d/su || die
+ fi
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man \
+ '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}" || die
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc || die
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ [[ ! -f "${EROOT}"/etc/subgid ]] &&
+ touch "${EROOT}"/etc/subgid
+ [[ ! -f "${EROOT}"/etc/subuid ]] &&
+ touch "${EROOT}"/etc/subuid
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2019-12-01 21:50 Patrick McLean
0 siblings, 0 replies; 12+ messages in thread
From: Patrick McLean @ 2019-12-01 21:50 UTC (permalink / raw
To: gentoo-commits
commit: e3c042d5752bdab78fbf5caa05307a100483026d
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 1 21:49:42 2019 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Sun Dec 1 21:49:42 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3c042d5
sys-apps/shadow-4.8-r1: Revbump, install in /usr as well as /
Package-Manager: Portage-2.3.80, Repoman-2.3.19
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
sys-apps/shadow/files/shadow-4.8-revert-bin-merge.patch | 15 +++++++++++++++
.../shadow/{shadow-4.8.ebuild => shadow-4.8-r1.ebuild} | 13 ++++++++++---
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/sys-apps/shadow/files/shadow-4.8-revert-bin-merge.patch b/sys-apps/shadow/files/shadow-4.8-revert-bin-merge.patch
new file mode 100644
index 00000000000..08382fcb950
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.8-revert-bin-merge.patch
@@ -0,0 +1,15 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 97839741..ff153d92 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -2,8 +2,8 @@
+ EXTRA_DIST = \
+ .indent.pro
+
+-ubindir = ${bindir}
+-usbindir = ${sbindir}
++ubindir = ${prefix}/bin
++usbindir = ${prefix}/sbin
+ suidperms = 4755
+ sgidperms = 2755
+
diff --git a/sys-apps/shadow/shadow-4.8.ebuild b/sys-apps/shadow/shadow-4.8-r1.ebuild
similarity index 93%
rename from sys-apps/shadow/shadow-4.8.ebuild
rename to sys-apps/shadow/shadow-4.8-r1.ebuild
index 11bb45bfd04..615a53c7676 100644
--- a/sys-apps/shadow/shadow-4.8.ebuild
+++ b/sys-apps/shadow/shadow-4.8-r1.ebuild
@@ -3,7 +3,7 @@
EAPI=7
-inherit libtool pam
+inherit autotools libtool pam
DESCRIPTION="Utilities to deal with user accounts"
HOMEPAGE="https://github.com/shadow-maint/shadow"
@@ -41,12 +41,13 @@ RDEPEND="
PATCHES=(
"${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
+ "${FILESDIR}/shadow-4.8-revert-bin-merge.patch"
)
src_prepare() {
default
- #eautoreconf
- elibtoolize
+ eautoreconf
+ #elibtoolize
}
src_configure() {
@@ -119,6 +120,12 @@ src_install() {
doins "${FILESDIR}"/default/useradd
if use split-usr ; then
+ # move passwd to / to help recover broke systems #64441
+ # We cannot simply remove this or else net-misc/scponly
+ # and other tools will break because of hardcoded passwd
+ # location
+ dodir /bin
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
dosym ../../bin/passwd /usr/bin/passwd
fi
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2020-04-21 8:24 Lars Wendler
0 siblings, 0 replies; 12+ messages in thread
From: Lars Wendler @ 2020-04-21 8:24 UTC (permalink / raw
To: gentoo-commits
commit: 56a1b1be9d9b3661cc4f2ab036312d47892c4118
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 21 08:13:36 2020 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Apr 21 08:24:39 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56a1b1be
sys-apps/shadow: Security cleanup
Bug: https://bugs.gentoo.org/702252
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
sys-apps/shadow/Manifest | 2 -
sys-apps/shadow/files/shadow-4.7-optional_su.patch | 130 ------------
sys-apps/shadow/shadow-4.6.ebuild | 214 -------------------
sys-apps/shadow/shadow-4.7-r2.ebuild | 236 ---------------------
4 files changed, 582 deletions(-)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 37a6f8d7768..c224c0d1a24 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,4 +1,2 @@
-DIST shadow-4.6.tar.gz 3804282 BLAKE2B 268c90e7daba138827aec6039f428f52cdcf7929743fa1f49f801cc669de7456ec5a69531194cdb29f051ce7d0b2f1e966fdf2513a9fc8f7fbdeb29d786a509f SHA512 36358333e7f03ef558772f3361bc5851a7d7fd3d85c993a6b732e37304b8068b2893d55607b9bfe8b8eed616a687264f947ff66cefc74ea1a48ba9396d464714
-DIST shadow-4.7.tar.gz 3833335 BLAKE2B 8e030d3dcc5eb76332ff76aad8e9141edb4ae660f56dd3b420968c538d3022a72ab620710b9274b9afb44f497399f5c4ceef339b7d2c52106b9b8368ff127654 SHA512 9b134dc90d8fb39bc72db69ddb78cef6263921c8a2f00abc00ac796bf468ac18393399920eec14bd2a78b814a06fc18eb6f5685ede13fe222fc66b2e411cbb01
DIST shadow-4.8.1.tar.xz 1611196 BLAKE2B 952707cdd55dc6c00dcbc60dbc3bf84ac618dbe916b36d993802b3ce42594de332a9bc22933a28881af3d317a340eab017ada55511b4e4fbc3ca6b422c4bc254 SHA512 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b
DIST shadow-4.8.tar.xz 1609060 BLAKE2B 9d0b515e40f45c0baf420ef7ffaf5b6dd7989b26c93fc6dd610876263ac22e61fbc2821649d347c28055ae84f64cd5ab5c2435450c55339c80b4ae5062ccc44f SHA512 1c607aec541400fc179d6cbbac7511289c618ab2ce6ee9d7c18a8bfda00421c62d4b9e58aff52b5f82d485468e7db955c186ea0faad9a08003ffc01bdf2ccece
diff --git a/sys-apps/shadow/files/shadow-4.7-optional_su.patch b/sys-apps/shadow/files/shadow-4.7-optional_su.patch
deleted file mode 100644
index 47284646077..00000000000
--- a/sys-apps/shadow/files/shadow-4.7-optional_su.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From ddb0553b2e559fd431fe8b460c37cb7fef8c06ee Mon Sep 17 00:00:00 2001
-From: Lars Wendler <polynomial-c@gentoo.org>
-Date: Tue, 19 Nov 2019 10:57:06 +0100
-Subject: [PATCH] build: Make build/installation of su and its support files
- optional
-
-Enabled by default
-This is necessary because coreutils and util-linux can also provide su
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
----
- configure.ac | 7 +++++++
- etc/pam.d/Makefile.am | 7 +++++--
- man/Makefile.am | 5 ++++-
- src/Makefile.am | 10 ++++++++--
- 4 files changed, 24 insertions(+), 5 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 67625564..5629df98 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -286,6 +286,9 @@ AC_ARG_WITH(sssd,
- AC_ARG_WITH(group-name-max-length,
- [AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
- [with_group_name_max_length=$withval], [with_group_name_max_length=yes])
-+AC_ARG_WITH(su,
-+ [AC_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
-+ [with_su=$withval], [with_su=yes])
-
- if test "$with_group_name_max_length" = "no" ; then
- with_group_name_max_length=0
-@@ -313,6 +316,9 @@ if test "$with_sssd" = "yes"; then
- [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
- fi
-
-+AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
-+AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
-+
- dnl Check for some functions in libc first, only if not found check for
- dnl other libraries. This should prevent linking libnsl if not really
- dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
-@@ -719,4 +725,5 @@ echo " nscd support: $with_nscd"
- echo " sssd support: $with_sssd"
- echo " subordinate IDs support: $enable_subids"
- echo " use file caps: $with_fcaps"
-+echo " install su: $with_su"
- echo
-diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
-index d967eb95..38ff26ae 100644
---- a/etc/pam.d/Makefile.am
-+++ b/etc/pam.d/Makefile.am
-@@ -6,8 +6,7 @@ pamd_files = \
- chsh \
- groupmems \
- login \
-- passwd \
-- su
-+ passwd
-
- pamd_acct_tools_files = \
- chage \
-@@ -29,4 +28,8 @@ pamd_DATA += $(pamd_acct_tools_files)
- endif
- endif
-
-+if WITH_SU
-+pamd_files += su
-+endif
-+
- EXTRA_DIST = $(pamd_files) $(pamd_acct_tools_files)
-diff --git a/man/Makefile.am b/man/Makefile.am
-index 3f040e05..8b64feba 100644
---- a/man/Makefile.am
-+++ b/man/Makefile.am
-@@ -41,7 +41,6 @@ man_MANS = \
- man1/sg.1 \
- man3/shadow.3 \
- man5/shadow.5 \
-- man1/su.1 \
- man5/suauth.5 \
- man8/useradd.8 \
- man8/userdel.8 \
-@@ -54,6 +53,10 @@ man_nopam = \
- man5/login.access.5 \
- man5/porttime.5
-
-+if WITH_SU
-+man_MANS += man1/su.1
-+endif
-+
- if !USE_PAM
- man_MANS += $(man_nopam)
- endif
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 34690ced..06ee9545 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -23,12 +23,15 @@ AM_CPPFLAGS = \
- # and installation would be much simpler (just two directories,
- # $prefix/bin and $prefix/sbin, no install-data hacks...)
-
--bin_PROGRAMS = groups login su
-+bin_PROGRAMS = groups login
- sbin_PROGRAMS = nologin
- ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
- if ENABLE_SUBIDS
- ubin_PROGRAMS += newgidmap newuidmap
- endif
-+if WITH_SU
-+bin_PROGRAMS += su
-+endif
- usbin_PROGRAMS = \
- chgpasswd \
- chpasswd \
-@@ -52,8 +55,11 @@ usbin_PROGRAMS = \
- # id and groups are from gnu, sulogin from sysvinit
- noinst_PROGRAMS = id sulogin
-
--suidbins = su
-+suidbins =
- suidubins = chage chfn chsh expiry gpasswd newgrp
-+if WITH_SU
-+suidbins += su
-+endif
- if !WITH_TCB
- suidubins += passwd
- endif
---
-2.24.0
-
diff --git a/sys-apps/shadow/shadow-4.6.ebuild b/sys-apps/shadow/shadow-4.6.ebuild
deleted file mode 100644
index 759aeb93184..00000000000
--- a/sys-apps/shadow/shadow-4.6.ebuild
+++ /dev/null
@@ -1,214 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit libtool pam
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86"
-IUSE="acl audit +cracklib nls pam selinux skey split-usr xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-RDEPEND="acl? ( sys-apps/acl:0= )
- audit? ( >=sys-process/audit-2.6:0= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
- pam? ( sys-libs/pam:0= )
- skey? ( sys-auth/skey:0= )
- selinux? (
- >=sys-libs/libselinux-1.28:0=
- sys-libs/libsemanage:0=
- )
- nls? ( virtual/libintl )
- xattr? ( sys-apps/attr:0= )"
-DEPEND="${RDEPEND}
- app-arch/xz-utils
- nls? ( sys-devel/gettext )"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20150213 )"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
-)
-
-src_prepare() {
- default
- #eautoreconf
- elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --without-group-name-max-length
- --without-tcb
- --enable-shared=no
- --enable-static=yes
- $(use_with acl)
- $(use_with audit)
- $(use_with cracklib libcrack)
- $(use_with pam libpam)
- $(use_with skey)
- $(use_with selinux)
- $(use_enable nls)
- $(use_with elibc_glibc nscd)
- $(use_with xattr attr)
- )
- econf "${myeconfargs[@]}"
-
- has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=$1 val=$2
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED%/}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED%/}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED%/}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # Remove libshadow and libmisc; see bug 37725 and the following
- # comment from shadow's README.linux:
- # Currently, libshadow.a is for internal use only, so if you see
- # -lshadow in a Makefile of some other package, it is safe to
- # remove it.
- rm -f "${ED%/}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- dodir /bin
- mv "${ED%/}"/usr/bin/passwd "${ED%/}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chpasswd chgpasswd newusers; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chage chsh chfn \
- user{add,del,mod} group{add,del,mod} ; do
- newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
- done
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED%/}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED%/}"/usr/share/man \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED%/}"/etc/pam.d/{login,passwd,su} || die
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED%/}"/usr/share/man \
- '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
- -delete
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT}" 2>/dev/null ; then
- grpconv -R "${EROOT}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
diff --git a/sys-apps/shadow/shadow-4.7-r2.ebuild b/sys-apps/shadow/shadow-4.7-r2.ebuild
deleted file mode 100644
index f30ee5ed23c..00000000000
--- a/sys-apps/shadow/shadow-4.7-r2.ebuild
+++ /dev/null
@@ -1,236 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools libtool pam
-
-DESCRIPTION="Utilities to deal with user accounts"
-HOMEPAGE="https://github.com/shadow-maint/shadow"
-SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.gz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-IUSE="acl audit +cracklib nls pam selinux skey split-usr +su xattr"
-# Taken from the man/Makefile.am file.
-LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
-
-BDEPEND="
- app-arch/xz-utils
- sys-devel/gettext
-"
-COMMON_DEPEND="
- acl? ( sys-apps/acl:0= )
- audit? ( >=sys-process/audit-2.6:0= )
- cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
- nls? ( virtual/libintl )
- pam? ( sys-libs/pam:0= )
- skey? ( sys-auth/skey:0= )
- selinux? (
- >=sys-libs/libselinux-1.28:0=
- sys-libs/libsemanage:0=
- )
- xattr? ( sys-apps/attr:0= )
-"
-DEPEND="${COMMON_DEPEND}
- >=sys-kernel/linux-headers-4.14
-"
-RDEPEND="${COMMON_DEPEND}
- pam? ( >=sys-auth/pambase-20150213 )
- su? ( !sys-apps/util-linux[su(-)] )
-"
-
-PATCHES=(
- "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
- "${FILESDIR}/${PN}-4.7-optional_su.patch"
-)
-
-src_prepare() {
- default
- eautoreconf
- #elibtoolize
-}
-
-src_configure() {
- local myeconfargs=(
- --with-btrfs
- --without-group-name-max-length
- --without-tcb
- --enable-shared=no
- --enable-static=yes
- $(use_enable nls)
- $(use_with acl)
- $(use_with audit)
- $(use_with cracklib libcrack)
- $(use_with elibc_glibc nscd)
- $(use_with pam libpam)
- $(use_with selinux)
- $(use_with skey)
- $(use_with su)
- $(use_with xattr attr)
- )
- econf "${myeconfargs[@]}"
-
- has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
-
- if use nls ; then
- local l langs="po" # These are the pot files.
- for l in ${LANGS[*]} ; do
- has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
- done
- sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
- fi
-}
-
-set_login_opt() {
- local comment="" opt=$1 val=$2
- if [[ -z ${val} ]]; then
- comment="#"
- sed -i \
- -e "/^${opt}\>/s:^:#:" \
- "${ED}"/etc/login.defs || die
- else
- sed -i -r \
- -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
- "${ED}"/etc/login.defs
- fi
- local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
- einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
-}
-
-src_install() {
- emake DESTDIR="${D}" suidperms=4711 install
-
- # Remove libshadow and libmisc; see bug 37725 and the following
- # comment from shadow's README.linux:
- # Currently, libshadow.a is for internal use only, so if you see
- # -lshadow in a Makefile of some other package, it is safe to
- # remove it.
- rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
-
- insinto /etc
- if ! use pam ; then
- insopts -m0600
- doins etc/login.access etc/limits
- fi
-
- # needed for 'useradd -D'
- insinto /etc/default
- insopts -m0600
- doins "${FILESDIR}"/default/useradd
-
- if use split-usr ; then
- # move passwd to / to help recover broke systems #64441
- # We cannot simply remove this or else net-misc/scponly
- # and other tools will break because of hardcoded passwd
- # location
- dodir /bin
- mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
- dosym ../../bin/passwd /usr/bin/passwd
- fi
-
- cd "${S}" || die
- insinto /etc
- insopts -m0644
- newins etc/login.defs login.defs
-
- set_login_opt CREATE_HOME yes
- if ! use pam ; then
- set_login_opt MAIL_CHECK_ENAB no
- set_login_opt SU_WHEEL_ONLY yes
- set_login_opt CRACKLIB_DICTPATH /usr/$(get_libdir)/cracklib_dict
- set_login_opt LOGIN_RETRIES 3
- set_login_opt ENCRYPT_METHOD SHA512
- set_login_opt CONSOLE
- else
- dopamd "${FILESDIR}"/pam.d-include/shadow
-
- for x in chpasswd chgpasswd newusers; do
- newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
- done
-
- for x in chage chsh chfn \
- user{add,del,mod} group{add,del,mod} ; do
- newpamd "${FILESDIR}"/pam.d-include/shadow ${x}
- done
-
- # comment out login.defs options that pam hates
- local opt sed_args=()
- for opt in \
- CHFN_AUTH \
- CONSOLE \
- CRACKLIB_DICTPATH \
- ENV_HZ \
- ENVIRON_FILE \
- FAILLOG_ENAB \
- FTMP_FILE \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- MOTD_FILE \
- NOLOGINS_FILE \
- OBSCURE_CHECKS_ENAB \
- PASS_ALWAYS_WARN \
- PASS_CHANGE_TRIES \
- PASS_MIN_LEN \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- SU_WHEEL_ONLY
- do
- set_login_opt ${opt}
- sed_args+=( -e "/^#${opt}\>/b pamnote" )
- done
- sed -i "${sed_args[@]}" \
- -e 'b exit' \
- -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
- -e ': exit' \
- "${ED}"/etc/login.defs || die
-
- # remove manpages that pam will install for us
- # and/or don't apply when using pam
- find "${ED}"/usr/share/man -type f \
- '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
- -delete
-
- # Remove pam.d files provided by pambase.
- rm "${ED}"/etc/pam.d/{login,passwd} || die
- if use su ; then
- rm "${ED}"/etc/pam.d/su || die
- fi
- fi
-
- # Remove manpages that are handled by other packages
- find "${ED}"/usr/share/man \
- '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \
- -delete
-
- cd "${S}" || die
- dodoc ChangeLog NEWS TODO
- newdoc README README.download
- cd doc || die
- dodoc HOWTO README* WISHLIST *.txt
-}
-
-pkg_preinst() {
- rm -f "${EROOT}"/etc/pam.d/system-auth.new \
- "${EROOT}/etc/login.defs.new"
-}
-
-pkg_postinst() {
- # Enable shadow groups.
- if [ ! -f "${EROOT}"/etc/gshadow ] ; then
- if grpck -r -R "${EROOT}" 2>/dev/null ; then
- grpconv -R "${EROOT}"
- else
- ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
- ewarn "run 'grpconv' afterwards!"
- fi
- fi
-
- [[ ! -f "${EROOT}"/etc/subgid ]] &&
- touch "${EROOT}"/etc/subgid
- [[ ! -f "${EROOT}"/etc/subuid ]] &&
- touch "${EROOT}"/etc/subuid
-
- einfo "The 'adduser' symlink to 'useradd' has been dropped."
-}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2021-07-25 14:05 Lars Wendler
0 siblings, 0 replies; 12+ messages in thread
From: Lars Wendler @ 2021-07-25 14:05 UTC (permalink / raw
To: gentoo-commits
commit: 094b04485ed2967a788dc20912de0cc76d2f47ab
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 25 14:02:03 2021 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Jul 25 14:02:03 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=094b0448
sys-apps/shadow: Bump to version 4.9
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
sys-apps/shadow/Manifest | 1 +
.../files/shadow-4.9-libsubid_oot_build.patch | 109 +++++++++
.../files/shadow-4.9-libsubid_pam_linking.patch | 28 +++
sys-apps/shadow/shadow-4.9.ebuild | 249 +++++++++++++++++++++
4 files changed, 387 insertions(+)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 5d1b8fe26cb..19bec0338d0 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1 +1,2 @@
DIST shadow-4.8.1.tar.xz 1611196 BLAKE2B 952707cdd55dc6c00dcbc60dbc3bf84ac618dbe916b36d993802b3ce42594de332a9bc22933a28881af3d317a340eab017ada55511b4e4fbc3ca6b422c4bc254 SHA512 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b
+DIST shadow-4.9.tar.xz 1627008 BLAKE2B 7a9a6a489115c7a20520cfec61f008fc0f70f7f50aaf539e94dfdcb20035d2de88ab3198e76812a4e3eb944b92c76c0ca2e85e35f4342537711c2c033248a72b SHA512 254cda49bb14505a7604821e7fa898bf4bf317d648e9ddc881ab80a6860d52053dfffacad6feab87c7d16608c35ed6b6cee99e7757eac930da3a7b31cdcd4b95
diff --git a/sys-apps/shadow/files/shadow-4.9-libsubid_oot_build.patch b/sys-apps/shadow/files/shadow-4.9-libsubid_oot_build.patch
new file mode 100644
index 00000000000..6609ccd6d3a
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.9-libsubid_oot_build.patch
@@ -0,0 +1,109 @@
+From 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Fri, 23 Jul 2021 17:51:13 -0500
+Subject: [PATCH] Fix out of tree builds with respect to libsubid includes
+
+There's a better way to do this, and I hope to clean that up,
+but this fixes out of tree builds for me right now.
+
+Closes #386
+
+Signed-off-by: Serge Hallyn <serge@hallyn.com>
+---
+ lib/Makefile.am | 2 ++
+ libmisc/Makefile.am | 2 +-
+ libsubid/Makefile.am | 4 ++--
+ src/Makefile.am | 6 ++++++
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index ecf3ee25..5ac2e111 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
+ libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
+ endif
+
++libshadow_la_CPPFLAGS += -I$(top_srcdir)
++
+ libshadow_la_SOURCES = \
+ commonio.c \
+ commonio.h \
+diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
+index 9766a7ec..9f237e0d 100644
+--- a/libmisc/Makefile.am
++++ b/libmisc/Makefile.am
+@@ -1,7 +1,7 @@
+
+ EXTRA_DIST = .indent.pro xgetXXbyYY.c
+
+-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+
+ noinst_LTLIBRARIES = libmisc.la
+
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index 83051560..99308c1f 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -20,8 +20,8 @@ MISCLIBS = \
+ $(LIBPAM)
+
+ libsubid_la_LIBADD = \
+- $(top_srcdir)/lib/libshadow.la \
+- $(top_srcdir)/libmisc/libmisc.la \
++ $(top_builddir)/lib/libshadow.la \
++ $(top_builddir)/libmisc/libmisc.la \
+ $(MISCLIBS) -ldl
+
+ AM_CPPFLAGS = \
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 35027013..7c1a3491 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -10,6 +10,7 @@ sgidperms = 2755
+ AM_CPPFLAGS = \
+ -I${top_srcdir}/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -DLOCALEDIR=\"$(datadir)/locale\"
+
+ # XXX why are login and su in /bin anyway (other than for
+@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
+ list_subid_ranges_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ get_subid_owners_LDADD = \
+@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
+ get_subid_owners_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ new_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ new_subid_range_LDADD = \
+@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
+ free_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/libmisc \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libsubid
+
+ free_subid_range_LDADD = \
+@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
+
+ check_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
++ -I$(top_srcdir) \
+ -I$(top_srcdir)/libmisc
+
+ check_subid_range_LDADD = \
diff --git a/sys-apps/shadow/files/shadow-4.9-libsubid_pam_linking.patch b/sys-apps/shadow/files/shadow-4.9-libsubid_pam_linking.patch
new file mode 100644
index 00000000000..7fb03f6ff42
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.9-libsubid_pam_linking.patch
@@ -0,0 +1,28 @@
+From f4a84efb468b8be21be124700ce35159c444e9d6 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@mengyan1223.wang>
+Date: Fri, 23 Jul 2021 14:38:08 +0800
+Subject: [PATCH] libsubid: link to PAM libraries
+
+libsubid.so links to libmisc.a, which contains several routines referring to
+PAM functions.
+---
+ libsubid/Makefile.am | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index 189165b0..83051560 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -16,7 +16,8 @@ MISCLIBS = \
+ $(LIBCRYPT) \
+ $(LIBACL) \
+ $(LIBATTR) \
+- $(LIBTCB)
++ $(LIBTCB) \
++ $(LIBPAM)
+
+ libsubid_la_LIBADD = \
+ $(top_srcdir)/lib/libshadow.la \
+--
+2.32.0
+
diff --git a/sys-apps/shadow/shadow-4.9.ebuild b/sys-apps/shadow/shadow-4.9.ebuild
new file mode 100644
index 00000000000..ae13c6e52b4
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.9.ebuild
@@ -0,0 +1,249 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools pam
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr +su xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+
+REQUIRED_USE="?? ( cracklib pam )"
+
+BDEPEND="
+ app-arch/xz-utils
+ sys-devel/gettext
+"
+COMMON_DEPEND="
+ virtual/libcrypt:=
+ acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ nls? ( virtual/libintl )
+ pam? ( sys-libs/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ xattr? ( sys-apps/attr:0= )
+"
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-4.14
+"
+RDEPEND="${COMMON_DEPEND}
+ !<sys-apps/man-pages-5.11-r1
+ !=sys-apps/man-pages-5.12-r0
+ !=sys-apps/man-pages-5.12-r1
+ nls? (
+ !<app-i18n/man-pages-it-5.06-r1
+ !<app-i18n/man-pages-ja-20171215-r1 !=app-i18n/man-pages-ja-20180315-r0
+ !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
+ )
+ pam? ( >=sys-auth/pambase-20150213 )
+ su? ( !sys-apps/util-linux[su(-)] )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
+ "${FILESDIR}/${P}-libsubid_pam_linking.patch"
+ "${FILESDIR}/${P}-libsubid_oot_build.patch"
+)
+
+src_prepare() {
+ default
+ eautoreconf
+ #elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-account-tools-setuid
+ --with-btrfs
+ --without-group-name-max-length
+ --without-tcb
+ $(use_enable nls)
+ $(use_with acl)
+ $(use_with audit)
+ $(use_with bcrypt)
+ $(use_with cracklib libcrack)
+ $(use_with elibc_glibc nscd)
+ $(use_with pam libpam)
+ $(use_with selinux)
+ $(use_with skey)
+ $(use_with su)
+ $(use_with xattr attr)
+ )
+ econf "${myeconfargs[@]}"
+
+ has_version 'sys-libs/uclibc[-rpc]' && sed -i '/RLOGIN/d' config.h #425052
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=${1} val=${2}
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # Remove libshadow and libmisc; see bug 37725 and the following
+ # comment from shadow's README.linux:
+ # Currently, libshadow.a is for internal use only, so if you see
+ # -lshadow in a Makefile of some other package, it is safe to
+ # remove it.
+ rm -f "${ED}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la}
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ if use split-usr ; then
+ # move passwd to / to help recover broke systems #64441
+ # We cannot simply remove this or else net-misc/scponly
+ # and other tools will break because of hardcoded passwd
+ # location
+ dodir /bin
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym ../../bin/passwd /usr/bin/passwd
+ fi
+
+ cd "${S}" || die
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chsh shfn ; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chpasswd newusers ; do
+ newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
+ done
+
+ newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
+
+ # comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man -type f \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd} || die
+ if use su ; then
+ rm "${ED}"/etc/pam.d/su || die
+ fi
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man -type f \
+ '(' -name id.1 -o -name getspnam.3 ')' \
+ -delete
+
+ cd "${S}" || die
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc || die
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Enable shadow groups.
+ if [ ! -f "${EROOT}"/etc/gshadow ] ; then
+ if grpck -r -R "${EROOT}" 2>/dev/null ; then
+ grpconv -R "${EROOT}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ [[ ! -f "${EROOT}"/etc/subgid ]] &&
+ touch "${EROOT}"/etc/subgid
+ [[ ! -f "${EROOT}"/etc/subuid ]] &&
+ touch "${EROOT}"/etc/subuid
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2021-12-20 1:27 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2021-12-20 1:27 UTC (permalink / raw
To: gentoo-commits
commit: ca1bb8531416b974b09efde5028ea46829e3c2c0
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 20 01:27:07 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Dec 20 01:27:22 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca1bb853
sys-apps/shadow: fix libsubid SONAME, add subslot for libsubid
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../shadow/files/shadow-4.10-libsubid-soname.patch | 27 ++++++++++++++++++++++
sys-apps/shadow/metadata.xml | 4 +++-
...shadow-4.10-r1.ebuild => shadow-4.10-r2.ebuild} | 9 +++++---
3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch b/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
new file mode 100644
index 000000000000..dffffb9c917b
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
@@ -0,0 +1,27 @@
+https://github.com/shadow-maint/shadow/pull/463
+
+From: Sam James <sam@gentoo.org>
+Date: Mon, 20 Dec 2021 01:24:16 +0000
+Subject: [PATCH] libsubid: fix defining SONAME version
+
+We were overriding this when --enable-shared was passed. We can actually
+just dump the conditional logic as libtool will do the right thing for
+us here anyway.
+
+Without this patch, libsubid is installed as .0.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -1,10 +1,6 @@
+ lib_LTLIBRARIES = libsubid.la
+-if ENABLE_SHARED
+-libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
+- -shared -version-info @LIBSUBID_ABI_MAJOR@
+-endif
+ libsubid_la_SOURCES = api.c
+-libsubid_la_LDFLAGS = -export-symbols-regex '^subid_'
++libsubid_la_LDFLAGS = -version-info @LIBSUBID_ABI_MAJOR@ -export-symbols-regex '^subid_'
+
+ pkginclude_HEADERS = subid.h
+
diff --git a/sys-apps/shadow/metadata.xml b/sys-apps/shadow/metadata.xml
index 980dcbed0ddb..9c7dcc5444cf 100644
--- a/sys-apps/shadow/metadata.xml
+++ b/sys-apps/shadow/metadata.xml
@@ -9,7 +9,9 @@
<flag name="bcrypt">build the bcrypt password encryption algorithm</flag>
<flag name="su">build the su program</flag>
</use>
- <!-- only for USE=pam -->
+ <slots>
+ <subslots>Reflect ABI of libsubids.so</subslots>
+ </slots>
<upstream>
<remote-id type="cpe">cpe:/a:debian:shadow</remote-id>
<remote-id type="github">shadow-maint/shadow</remote-id>
diff --git a/sys-apps/shadow/shadow-4.10-r1.ebuild b/sys-apps/shadow/shadow-4.10-r2.ebuild
similarity index 97%
rename from sys-apps/shadow/shadow-4.10-r1.ebuild
rename to sys-apps/shadow/shadow-4.10-r2.ebuild
index a213030fec37..888a5dd2db52 100644
--- a/sys-apps/shadow/shadow-4.10-r1.ebuild
+++ b/sys-apps/shadow/shadow-4.10-r2.ebuild
@@ -3,14 +3,15 @@
EAPI=7
-inherit libtool pam
+inherit autotools pam
DESCRIPTION="Utilities to deal with user accounts"
HOMEPAGE="https://github.com/shadow-maint/shadow"
SRC_URI="https://github.com/shadow-maint/shadow/releases/download/v${PV}/${P}.tar.xz"
LICENSE="BSD GPL-2"
-SLOT="0"
+# Subslot is for libsubid's SONAME.
+SLOT="0/4"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr"
# Taken from the man/Makefile.am file.
@@ -54,12 +55,14 @@ RDEPEND="${COMMON_DEPEND}
PATCHES=(
"${FILESDIR}/${PN}-4.1.3-dots-in-usernames.patch"
+ "${FILESDIR}/${PN}-4.10-libsubid-soname.patch"
)
src_prepare() {
default
- elibtoolize
+ eautoreconf
+ #elibtoolize
}
src_configure() {
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2021-12-20 1:41 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2021-12-20 1:41 UTC (permalink / raw
To: gentoo-commits
commit: 019a7e4cea7b1a827ea4e1b5ef64dc528173d324
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 20 01:40:38 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Dec 20 01:40:51 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=019a7e4c
sys-apps/shadow: update libsubid patch to match upstream-submitted version
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch | 13 ++++++++++++-
sys-apps/shadow/shadow-4.10-r2.ebuild | 1 -
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch b/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
index dffffb9c917b..e2f8ddf466d9 100644
--- a/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
+++ b/sys-apps/shadow/files/shadow-4.10-libsubid-soname.patch
@@ -1,7 +1,7 @@
https://github.com/shadow-maint/shadow/pull/463
From: Sam James <sam@gentoo.org>
-Date: Mon, 20 Dec 2021 01:24:16 +0000
+Date: Mon, 20 Dec 2021 01:37:23 +0000
Subject: [PATCH] libsubid: fix defining SONAME version
We were overriding this when --enable-shared was passed. We can actually
@@ -11,6 +11,17 @@ us here anyway.
Without this patch, libsubid is installed as .0.
Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -321,8 +321,6 @@ if test "$with_sha_crypt" = "yes"; then
+ AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
+ fi
+
+-AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
+-
+ AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
+ if test "$with_bcrypt" = "yes"; then
+ AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
--- a/libsubid/Makefile.am
+++ b/libsubid/Makefile.am
@@ -1,10 +1,6 @@
diff --git a/sys-apps/shadow/shadow-4.10-r2.ebuild b/sys-apps/shadow/shadow-4.10-r2.ebuild
index 888a5dd2db52..6f651117a693 100644
--- a/sys-apps/shadow/shadow-4.10-r2.ebuild
+++ b/sys-apps/shadow/shadow-4.10-r2.ebuild
@@ -68,7 +68,6 @@ src_prepare() {
src_configure() {
local myeconfargs=(
--disable-account-tools-setuid
- --enable-shared
--disable-static
--with-btrfs
--without-group-name-max-length
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2023-04-18 16:35 Mike Gilbert
0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2023-04-18 16:35 UTC (permalink / raw
To: gentoo-commits
commit: f00fc3d1955bec0b229a0a4e5affc3080f4554fd
Author: Michael Vetter <jubalh <AT> iodoru <DOT> org>
AuthorDate: Tue Apr 18 16:01:40 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Apr 18 16:33:34 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f00fc3d1
sys-apps/shadow: fix CVE-2023-29383
See: https://nvd.nist.gov/vuln/detail/CVE-2023-29383
Bug: https://bugs.gentoo.org/904518
Signed-off-by: Michael Vetter <jubalh <AT> iodoru.org>
Closes: https://github.com/gentoo/gentoo/pull/30644
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../shadow/files/shadow-4.13-CVE-2023-29383.patch | 100 ++++++++
sys-apps/shadow/shadow-4.13-r3.ebuild | 264 +++++++++++++++++++++
2 files changed, 364 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch b/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch
new file mode 100644
index 000000000000..49868ba67c96
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.13-CVE-2023-29383.patch
@@ -0,0 +1,100 @@
+From e5905c4b84d4fb90aefcd96ee618411ebfac663d Mon Sep 17 00:00:00 2001
+From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
+Date: Thu, 23 Mar 2023 23:39:38 +0000
+Subject: [PATCH] Added control character check
+
+Added control character check, returning -1 (to "err") if control characters are present.
+---
+ lib/fields.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index 640be931f..fb51b5829 100644
+--- a/lib/fields.c
++++ b/lib/fields.c
+@@ -21,9 +21,9 @@
+ *
+ * The supplied field is scanned for non-printable and other illegal
+ * characters.
+- * + -1 is returned if an illegal character is present.
+- * + 1 is returned if no illegal characters are present, but the field
+- * contains a non-printable character.
++ * + -1 is returned if an illegal or control character is present.
++ * + 1 is returned if no illegal or control characters are present,
++ * but the field contains a non-printable character.
+ * + 0 is returned otherwise.
+ */
+ int valid_field (const char *field, const char *illegal)
+@@ -45,10 +45,13 @@ int valid_field (const char *field, const char *illegal)
+ }
+
+ if (0 == err) {
+- /* Search if there are some non-printable characters */
++ /* Search if there are non-printable or control characters */
+ for (cp = field; '\0' != *cp; cp++) {
+ if (!isprint (*cp)) {
+ err = 1;
++ }
++ if (!iscntrl (*cp)) {
++ err = -1;
+ break;
+ }
+ }
+From 2eaea70111f65b16d55998386e4ceb4273c19eb4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 31 Mar 2023 14:46:50 +0200
+Subject: [PATCH] Overhaul valid_field()
+
+e5905c4b ("Added control character check") introduced checking for
+control characters but had the logic inverted, so it rejects all
+characters that are not control ones.
+
+Cast the character to `unsigned char` before passing to the character
+checking functions to avoid UB.
+
+Use strpbrk(3) for the illegal character test and return early.
+---
+ lib/fields.c | 24 ++++++++++--------------
+ 1 file changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/lib/fields.c b/lib/fields.c
+index fb51b5829..539292485 100644
+--- a/lib/fields.c
++++ b/lib/fields.c
+@@ -37,26 +37,22 @@ int valid_field (const char *field, const char *illegal)
+
+ /* For each character of field, search if it appears in the list
+ * of illegal characters. */
++ if (illegal && NULL != strpbrk (field, illegal)) {
++ return -1;
++ }
++
++ /* Search if there are non-printable or control characters */
+ for (cp = field; '\0' != *cp; cp++) {
+- if (strchr (illegal, *cp) != NULL) {
++ unsigned char c = *cp;
++ if (!isprint (c)) {
++ err = 1;
++ }
++ if (iscntrl (c)) {
+ err = -1;
+ break;
+ }
+ }
+
+- if (0 == err) {
+- /* Search if there are non-printable or control characters */
+- for (cp = field; '\0' != *cp; cp++) {
+- if (!isprint (*cp)) {
+- err = 1;
+- }
+- if (!iscntrl (*cp)) {
+- err = -1;
+- break;
+- }
+- }
+- }
+-
+ return err;
+ }
+
diff --git a/sys-apps/shadow/shadow-4.13-r3.ebuild b/sys-apps/shadow/shadow-4.13-r3.ebuild
new file mode 100644
index 000000000000..7d0460c2c41e
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.13-r3.ebuild
@@ -0,0 +1,264 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Upstream sometimes pushes releases as pre-releases before marking them
+# official. Don't keyword the pre-releases!
+# Check https://github.com/shadow-maint/shadow/releases.
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sergehallyn.asc
+inherit libtool pam verify-sig
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )"
+
+LICENSE="BSD GPL-2"
+# Subslot is for libsubid's SONAME.
+SLOT="0/4"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+
+REQUIRED_USE="?? ( cracklib pam )"
+
+COMMON_DEPEND="
+ virtual/libcrypt:=
+ acl? ( sys-apps/acl:0= )
+ audit? ( >=sys-process/audit-2.6:0= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:0= )
+ nls? ( virtual/libintl )
+ pam? ( sys-libs/pam:0= )
+ skey? ( sys-auth/skey:0= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:0=
+ sys-libs/libsemanage:0=
+ )
+ xattr? ( sys-apps/attr:0= )
+"
+DEPEND="${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-4.14
+"
+RDEPEND="${COMMON_DEPEND}
+ !<sys-apps/man-pages-5.11-r1
+ !=sys-apps/man-pages-5.12-r0
+ !=sys-apps/man-pages-5.12-r1
+ nls? (
+ !<app-i18n/man-pages-it-5.06-r1
+ !<app-i18n/man-pages-ja-20180315-r1
+ !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
+ )
+ pam? ( >=sys-auth/pambase-20150213 )
+ su? ( !sys-apps/util-linux[su(-)] )
+"
+BDEPEND="
+ app-arch/xz-utils
+ sys-devel/gettext
+ verify-sig? ( sec-keys/openpgp-keys-sergehallyn )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-configure-clang16.patch
+ "${FILESDIR}"/${P}-CVE-2023-29383.patch
+)
+
+src_prepare() {
+ default
+
+ elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-account-tools-setuid
+ --disable-static
+ --with-btrfs
+ --without-group-name-max-length
+ --without-tcb
+ $(use_enable nls)
+ $(use_with acl)
+ $(use_with audit)
+ $(use_with bcrypt)
+ $(use_with cracklib libcrack)
+ $(use_with elibc_glibc nscd)
+ $(use_with pam libpam)
+ $(use_with selinux)
+ $(use_with skey)
+ $(use_with su)
+ $(use_with xattr attr)
+ )
+
+ econf "${myeconfargs[@]}"
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=${1} val=${2}
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
+ emake DESTDIR="${D}" -C man install
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ if use split-usr ; then
+ # move passwd to / to help recover broke systems #64441
+ # We cannot simply remove this or else net-misc/scponly
+ # and other tools will break because of hardcoded passwd
+ # location
+ dodir /bin
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym ../../bin/passwd /usr/bin/passwd
+ fi
+
+ cd "${S}" || die
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chsh chfn ; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chpasswd newusers ; do
+ newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
+ done
+
+ newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
+
+ # Comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # Remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man -type f \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd} || die
+ if use su ; then
+ rm "${ED}"/etc/pam.d/su || die
+ fi
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man -type f \
+ '(' -name id.1 -o -name getspnam.3 ')' \
+ -delete || die
+
+ if ! use su ; then
+ find "${ED}"/usr/share/man -type f -name su.1 -delete || die
+ fi
+
+ cd "${S}" || die
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc || die
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Missing entries from /etc/passwd can cause odd system blips.
+ # See bug #829872.
+ if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then
+ ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors."
+ fi
+
+ # Enable shadow groups.
+ if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then
+ if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then
+ grpconv -R "${EROOT:-/}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ [[ ! -f "${EROOT}"/etc/subgid ]] &&
+ touch "${EROOT}"/etc/subgid
+ [[ ! -f "${EROOT}"/etc/subuid ]] &&
+ touch "${EROOT}"/etc/subuid
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2023-06-17 2:40 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2023-06-17 2:40 UTC (permalink / raw
To: gentoo-commits
commit: 16921604a6bd3ec292570577a472d18aebe60389
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 17 02:29:25 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jun 17 02:32:11 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16921604
sys-apps/shadow: backport password leak fix, backport usermod gid --prefix fix
Bug: https://bugs.gentoo.org/908613
Closes: https://bugs.gentoo.org/894754
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../shadow/files/shadow-4.13-password-leak.patch | 135 +++++++++++
.../files/shadow-4.13-usermod-prefix-gid.patch | 33 +++
sys-apps/shadow/shadow-4.13-r4.ebuild | 268 +++++++++++++++++++++
3 files changed, 436 insertions(+)
diff --git a/sys-apps/shadow/files/shadow-4.13-password-leak.patch b/sys-apps/shadow/files/shadow-4.13-password-leak.patch
new file mode 100644
index 000000000000..25b5ec39c5f8
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.13-password-leak.patch
@@ -0,0 +1,135 @@
+https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
+
+From 65c88a43a23c2391dcc90c0abda3e839e9c57904 Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Sat, 10 Jun 2023 16:20:05 +0200
+Subject: [PATCH] gpasswd(1): Fix password leak
+
+How to trigger this password leak?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When gpasswd(1) asks for the new password, it asks twice (as is usual
+for confirming the new password). Each of those 2 password prompts
+uses agetpass() to get the password. If the second agetpass() fails,
+the first password, which has been copied into the 'static' buffer
+'pass' via STRFCPY(), wasn't being zeroed.
+
+agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
+can fail for any of the following reasons:
+
+- malloc(3) or readpassphrase(3) failure.
+
+ These are going to be difficult to trigger. Maybe getting the system
+ to the limits of memory utilization at that exact point, so that the
+ next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
+ About readpassphrase(3), ENFILE and EINTR seem the only plausible
+ ones, and EINTR probably requires privilege or being the same user;
+ but I wouldn't discard ENFILE so easily, if a process starts opening
+ files.
+
+- The password is longer than PASS_MAX.
+
+ The is plausible with physical access. However, at that point, a
+ keylogger will be a much simpler attack.
+
+And, the attacker must be able to know when the second password is being
+introduced, which is not going to be easy.
+
+How to read the password after the leak?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Provoking the leak yourself at the right point by entering a very long
+password is easy, and inspecting the process stack at that point should
+be doable. Try to find some consistent patterns.
+
+Then, search for those patterns in free memory, right after the victim
+leaks their password.
+
+Once you get the leak, a program should read all the free memory
+searching for patterns that gpasswd(1) leaves nearby the leaked
+password.
+
+On 6/10/23 03:14, Seth Arnold wrote:
+> An attacker process wouldn't be able to use malloc(3) for this task.
+> There's a handful of tools available for userspace to allocate memory:
+>
+> - brk / sbrk
+> - mmap MAP_ANONYMOUS
+> - mmap /dev/zero
+> - mmap some other file
+> - shm_open
+> - shmget
+>
+> Most of these return only pages of zeros to a process. Using mmap of an
+> existing file, you can get some of the contents of the file demand-loaded
+> into the memory space on the first use.
+>
+> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
+> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare.
+>
+> malloc(3) doesn't zero memory, to our collective frustration, but all the
+> garbage in the allocations is from previous allocations in the current
+> process. It isn't leftover from other processes.
+>
+> The avenues available for reading the memory:
+> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
+> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
+> - ptrace (requires ptrace privileges, mediated by YAMA)
+> - causing memory to be swapped to disk, and then inspecting the swap
+>
+> These all require a certain amount of privileges.
+
+How to fix it?
+~~~~~~~~~~~~~
+
+memzero(), which internally calls explicit_bzero(3), or whatever
+alternative the system provides with a slightly different name, will
+make sure that the buffer is zeroed in memory, and optimizations are not
+allowed to impede this zeroing.
+
+This is not really 100% effective, since compilers may place copies of
+the string somewhere hidden in the stack. Those copies won't get zeroed
+by explicit_bzero(3). However, that's arguably a compiler bug, since
+compilers should make everything possible to avoid optimizing strings
+that are later passed to explicit_bzero(3). But we all know that
+sometimes it's impossible to have perfect knowledge in the compiler, so
+this is plausible. Nevertheless, there's nothing we can do against such
+issues, except minimizing the time such passwords are stored in plain
+text.
+
+Security concerns
+~~~~~~~~~~~~~~~~
+
+We believe this isn't easy to exploit. Nevertheless, and since the fix
+is trivial, this fix should probably be applied soon, and backported to
+all supported distributions, to prevent someone else having more
+imagination than us to find a way.
+
+Affected versions
+~~~~~~~~~~~~~~~~
+
+All. Bug introduced in shadow 19990709. That's the second commit in
+the git history.
+
+Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
+Reported-by: Alejandro Colomar <alx@kernel.org>
+Cc: Serge Hallyn <serge@hallyn.com>
+Cc: Iker Pedrosa <ipedrosa@redhat.com>
+Cc: Seth Arnold <seth.arnold@canonical.com>
+Cc: Christian Brauner <christian@brauner.io>
+Cc: Balint Reczey <rbalint@debian.org>
+Cc: Sam James <sam@gentoo.org>
+Cc: David Runge <dvzrv@archlinux.org>
+Cc: Andreas Jaeger <aj@suse.de>
+Cc: <~hallyn/shadow@lists.sr.ht>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -898,6 +898,7 @@ static void change_passwd (struct group *gr)
+ erase_pass (cp);
+ cp = agetpass (_("Re-enter new password: "));
+ if (NULL == cp) {
++ memzero (pass, sizeof pass);
+ exit (1);
+ }
+
diff --git a/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch b/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch
new file mode 100644
index 000000000000..50cbe699d15e
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.13-usermod-prefix-gid.patch
@@ -0,0 +1,33 @@
+https://bugs.gentoo.org/903083
+https://github.com/shadow-maint/shadow/pull/691
+https://github.com/shadow-maint/shadow/commit/bd2d0079c90241f24671a7946a3ad175dc1a3aeb
+
+From fcb04de38a0ddc263288a1c450b35bfb1503d523 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sat, 25 Mar 2023 21:16:55 -0400
+Subject: [PATCH] usermod: respect --prefix for --gid option
+
+The --gid option accepts a group name or id. When a name is provided, it
+is resolved to an id by looking up the name in the group database
+(/etc/group).
+
+The --prefix option overides the location of the passwd and group
+databases. I suspect the --gid option was overlooked when wiring up the
+--prefix option.
+
+useradd --gid already respects --prefix; this change makes usermod
+behave the same way.
+
+Fixes: b6b2c756c91806b1c3e150ea0ee4721c6cdaf9d0
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -1072,7 +1072,7 @@ static void process_flags (int argc, char **argv)
+ fflg = true;
+ break;
+ case 'g':
+- grp = getgr_nam_gid (optarg);
++ grp = prefix_getgr_nam_gid (optarg);
+ if (NULL == grp) {
+ fprintf (stderr,
+ _("%s: group '%s' does not exist\n"),
diff --git a/sys-apps/shadow/shadow-4.13-r4.ebuild b/sys-apps/shadow/shadow-4.13-r4.ebuild
new file mode 100644
index 000000000000..aa20387a875e
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.13-r4.ebuild
@@ -0,0 +1,268 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Upstream sometimes pushes releases as pre-releases before marking them
+# official. Don't keyword the pre-releases!
+# Check https://github.com/shadow-maint/shadow/releases.
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sergehallyn.asc
+inherit libtool pam verify-sig
+
+DESCRIPTION="Utilities to deal with user accounts"
+HOMEPAGE="https://github.com/shadow-maint/shadow"
+SRC_URI="https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( https://github.com/shadow-maint/shadow/releases/download/${PV}/${P}.tar.xz.asc )"
+
+LICENSE="BSD GPL-2"
+# Subslot is for libsubid's SONAME.
+SLOT="0/4"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="acl audit bcrypt cracklib nls pam selinux skey split-usr su xattr"
+# Taken from the man/Makefile.am file.
+LANGS=( cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW )
+
+REQUIRED_USE="?? ( cracklib pam )"
+
+COMMON_DEPEND="
+ virtual/libcrypt:=
+ acl? ( sys-apps/acl:= )
+ audit? ( >=sys-process/audit-2.6:= )
+ cracklib? ( >=sys-libs/cracklib-2.7-r3:= )
+ nls? ( virtual/libintl )
+ pam? ( sys-libs/pam:= )
+ skey? ( sys-auth/skey:= )
+ selinux? (
+ >=sys-libs/libselinux-1.28:=
+ sys-libs/libsemanage:=
+ )
+ xattr? ( sys-apps/attr:= )
+"
+DEPEND="
+ ${COMMON_DEPEND}
+ >=sys-kernel/linux-headers-4.14
+"
+RDEPEND="
+ ${COMMON_DEPEND}
+ !<sys-apps/man-pages-5.11-r1
+ !=sys-apps/man-pages-5.12-r0
+ !=sys-apps/man-pages-5.12-r1
+ nls? (
+ !<app-i18n/man-pages-it-5.06-r1
+ !<app-i18n/man-pages-ja-20180315-r1
+ !<app-i18n/man-pages-ru-5.03.2390.2390.20191017-r1
+ )
+ pam? ( >=sys-auth/pambase-20150213 )
+ su? ( !sys-apps/util-linux[su(-)] )
+"
+BDEPEND="
+ app-arch/xz-utils
+ sys-devel/gettext
+ verify-sig? ( sec-keys/openpgp-keys-sergehallyn )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-configure-clang16.patch
+ "${FILESDIR}"/${P}-CVE-2023-29383.patch
+ "${FILESDIR}"/${P}-usermod-prefix-gid.patch
+ "${FILESDIR}"/${P}-password-leak.patch
+)
+
+src_prepare() {
+ default
+
+ elibtoolize
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-account-tools-setuid
+ --disable-static
+ --with-btrfs
+ --without-group-name-max-length
+ --without-tcb
+ $(use_enable nls)
+ $(use_with acl)
+ $(use_with audit)
+ $(use_with bcrypt)
+ $(use_with cracklib libcrack)
+ $(use_with elibc_glibc nscd)
+ $(use_with pam libpam)
+ $(use_with selinux)
+ $(use_with skey)
+ $(use_with su)
+ $(use_with xattr attr)
+ )
+
+ econf "${myeconfargs[@]}"
+
+ if use nls ; then
+ local l langs="po" # These are the pot files.
+ for l in ${LANGS[*]} ; do
+ has ${l} ${LINGUAS-${l}} && langs+=" ${l}"
+ done
+ sed -i "/^SUBDIRS = /s:=.*:= ${langs}:" man/Makefile || die
+ fi
+}
+
+set_login_opt() {
+ local comment="" opt=${1} val=${2}
+ if [[ -z ${val} ]]; then
+ comment="#"
+ sed -i \
+ -e "/^${opt}\>/s:^:#:" \
+ "${ED}"/etc/login.defs || die
+ else
+ sed -i -r \
+ -e "/^#?${opt}\>/s:.*:${opt} ${val}:" \
+ "${ED}"/etc/login.defs
+ fi
+ local res=$(grep "^${comment}${opt}\>" "${ED}"/etc/login.defs)
+ einfo "${res:-Unable to find ${opt} in /etc/login.defs}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" suidperms=4711 install
+
+ # 4.9 regression: https://github.com/shadow-maint/shadow/issues/389
+ emake DESTDIR="${D}" -C man install
+
+ find "${ED}" -name '*.la' -type f -delete || die
+
+ insinto /etc
+ if ! use pam ; then
+ insopts -m0600
+ doins etc/login.access etc/limits
+ fi
+
+ # needed for 'useradd -D'
+ insinto /etc/default
+ insopts -m0600
+ doins "${FILESDIR}"/default/useradd
+
+ if use split-usr ; then
+ # move passwd to / to help recover broke systems #64441
+ # We cannot simply remove this or else net-misc/scponly
+ # and other tools will break because of hardcoded passwd
+ # location
+ dodir /bin
+ mv "${ED}"/usr/bin/passwd "${ED}"/bin/ || die
+ dosym ../../bin/passwd /usr/bin/passwd
+ fi
+
+ cd "${S}" || die
+ insinto /etc
+ insopts -m0644
+ newins etc/login.defs login.defs
+
+ set_login_opt CREATE_HOME yes
+ if ! use pam ; then
+ set_login_opt MAIL_CHECK_ENAB no
+ set_login_opt SU_WHEEL_ONLY yes
+ set_login_opt CRACKLIB_DICTPATH /usr/lib/cracklib_dict
+ set_login_opt LOGIN_RETRIES 3
+ set_login_opt ENCRYPT_METHOD SHA512
+ set_login_opt CONSOLE
+ else
+ dopamd "${FILESDIR}"/pam.d-include/shadow
+
+ for x in chsh chfn ; do
+ newpamd "${FILESDIR}"/pam.d-include/passwd ${x}
+ done
+
+ for x in chpasswd newusers ; do
+ newpamd "${FILESDIR}"/pam.d-include/chpasswd ${x}
+ done
+
+ newpamd "${FILESDIR}"/pam.d-include/shadow-r1 groupmems
+
+ # Comment out login.defs options that pam hates
+ local opt sed_args=()
+ for opt in \
+ CHFN_AUTH \
+ CONSOLE \
+ CRACKLIB_DICTPATH \
+ ENV_HZ \
+ ENVIRON_FILE \
+ FAILLOG_ENAB \
+ FTMP_FILE \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ MOTD_FILE \
+ NOLOGINS_FILE \
+ OBSCURE_CHECKS_ENAB \
+ PASS_ALWAYS_WARN \
+ PASS_CHANGE_TRIES \
+ PASS_MIN_LEN \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ SU_WHEEL_ONLY
+ do
+ set_login_opt ${opt}
+ sed_args+=( -e "/^#${opt}\>/b pamnote" )
+ done
+ sed -i "${sed_args[@]}" \
+ -e 'b exit' \
+ -e ': pamnote; i# NOTE: This setting should be configured via /etc/pam.d/ and not in this file.' \
+ -e ': exit' \
+ "${ED}"/etc/login.defs || die
+
+ # Remove manpages that pam will install for us
+ # and/or don't apply when using pam
+ find "${ED}"/usr/share/man -type f \
+ '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \
+ -delete
+
+ # Remove pam.d files provided by pambase.
+ rm "${ED}"/etc/pam.d/{login,passwd} || die
+ if use su ; then
+ rm "${ED}"/etc/pam.d/su || die
+ fi
+ fi
+
+ # Remove manpages that are handled by other packages
+ find "${ED}"/usr/share/man -type f \
+ '(' -name id.1 -o -name getspnam.3 ')' \
+ -delete || die
+
+ if ! use su ; then
+ find "${ED}"/usr/share/man -type f -name su.1 -delete || die
+ fi
+
+ cd "${S}" || die
+ dodoc ChangeLog NEWS TODO
+ newdoc README README.download
+ cd doc || die
+ dodoc HOWTO README* WISHLIST *.txt
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}"/etc/pam.d/system-auth.new \
+ "${EROOT}/etc/login.defs.new"
+}
+
+pkg_postinst() {
+ # Missing entries from /etc/passwd can cause odd system blips.
+ # See bug #829872.
+ if ! pwck -r -q -R "${EROOT:-/}" &>/dev/null ; then
+ ewarn "Running 'pwck' returned errors. Please run it manually to fix any errors."
+ fi
+
+ # Enable shadow groups.
+ if [[ ! -f "${EROOT}"/etc/gshadow ]] ; then
+ if grpck -r -R "${EROOT:-/}" 2>/dev/null ; then
+ grpconv -R "${EROOT:-/}"
+ else
+ ewarn "Running 'grpck' returned errors. Please run it by hand, and then"
+ ewarn "run 'grpconv' afterwards!"
+ fi
+ fi
+
+ [[ ! -f "${EROOT}"/etc/subgid ]] &&
+ touch "${EROOT}"/etc/subgid
+ [[ ! -f "${EROOT}"/etc/subuid ]] &&
+ touch "${EROOT}"/etc/subuid
+
+ einfo "The 'adduser' symlink to 'useradd' has been dropped."
+}
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/
@ 2023-09-19 0:55 Mike Gilbert
0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2023-09-19 0:55 UTC (permalink / raw
To: gentoo-commits
commit: 75209a50623aa5538ecbf940c20e69d55b0693f1
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 19 00:54:05 2023 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Sep 19 00:55:24 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75209a50
sys-apps/shadow: backport build fixes
Closes: https://bugs.gentoo.org/912446
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../shadow/files/shadow-4.14.0-bug912446.patch | 1305 ++++++++++++++++++++
...ow-4.14.0-r2.ebuild => shadow-4.14.0-r3.ebuild} | 12 +-
2 files changed, 1314 insertions(+), 3 deletions(-)
diff --git a/sys-apps/shadow/files/shadow-4.14.0-bug912446.patch b/sys-apps/shadow/files/shadow-4.14.0-bug912446.patch
new file mode 100644
index 000000000000..881c8f7f4ad4
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.14.0-bug912446.patch
@@ -0,0 +1,1305 @@
+https://bugs.gentoo.org/912446
+
+From c34c2606cf8f0a52113156d9e22b7a35b391a17e Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Fri, 25 Aug 2023 11:29:00 +0200
+Subject: [PATCH] lib, libmisc: Move source files to lib (where their headers
+ were)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Scripted change:
+
+$ find lib/ -type f \
+| grep '\.h$' \
+| sed 's,lib/,libmisc/,' \
+| sed 's,\.h$,.c,' \
+| xargs find 2>/dev/null \
+| xargs mv -t lib/;
+
+Plus updating the Makefiles.
+
+Closes: <https://github.com/shadow-maint/shadow/issues/791>
+Closes: <https://bugs.gentoo.org/912446>
+Link: <https://github.com/shadow-maint/shadow/issues/763#issuecomment-1664383425>
+Link: <https://github.com/shadow-maint/shadow/pull/776>
+Link: <https://github.com/shadow-maint/shadow/commit/d0518cc250afeaceb772a7f50a900cfc9b3ab937>
+Reported-by: Christian Bricart <christian@bricart.de>
+Reported-by: Robert Marmorstein <robert@marmorstein.org>
+Cc: Sam James <sam@gentoo.org>
+[ jubalh tested the openSUSE package ]
+Tested-by: Michael Vetter <jubalh@iodoru.org>
+Acked-by: Michael Vetter <jubalh@iodoru.org>
+[ Robert F. tested the Gentoo package ]
+Tested-by: Robert Förster <Dessa@gmake.de>
+Cc: David Seifert <soap@gentoo.org>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+---
+ lib/Makefile.am | 10 ++++++++++
+ {libmisc => lib}/alloc.c | 0
+ {libmisc => lib}/bit.c | 0
+ {libmisc => lib}/mempcpy.c | 0
+ {libmisc => lib}/stpecpy.c | 0
+ {libmisc => lib}/stpeprintf.c | 0
+ libmisc/Makefile.am | 9 ---------
+ 7 files changed, 10 insertions(+), 9 deletions(-)
+ rename {libmisc => lib}/alloc.c (100%)
+ rename {libmisc => lib}/bit.c (100%)
+ rename {libmisc => lib}/mempcpy.c (100%)
+ rename {libmisc => lib}/stpecpy.c (100%)
+ rename {libmisc => lib}/stpeprintf.c (100%)
+
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index c8d6dd5fb..7f3f7f639 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -14,6 +14,10 @@ libshadow_la_CPPFLAGS += -I$(top_srcdir)
+ libshadow_la_CFLAGS = $(LIBBSD_CFLAGS)
+
+ libshadow_la_SOURCES = \
++ alloc.c \
++ alloc.h \
++ bit.c \
++ bit.h \
+ commonio.c \
+ commonio.h \
+ defines.h \
+@@ -34,6 +38,8 @@ libshadow_la_SOURCES = \
+ groupio.h \
+ gshadow.c \
+ lockpw.c \
++ mempcpy.c \
++ mempcpy.h \
+ nss.c \
+ nscd.c \
+ nscd.h \
+@@ -67,6 +73,10 @@ libshadow_la_SOURCES = \
+ shadowio.h \
+ shadowmem.c \
+ spawn.c \
++ stpecpy.c \
++ stpecpy.h \
++ stpeprintf.c \
++ stpeprintf.h \
+ write_full.c
+
+ if WITH_TCB
+diff --git a/libmisc/alloc.c b/lib/alloc.c
+similarity index 100%
+rename from libmisc/alloc.c
+rename to lib/alloc.c
+diff --git a/libmisc/bit.c b/lib/bit.c
+similarity index 100%
+rename from libmisc/bit.c
+rename to lib/bit.c
+diff --git a/libmisc/mempcpy.c b/lib/mempcpy.c
+similarity index 100%
+rename from libmisc/mempcpy.c
+rename to lib/mempcpy.c
+diff --git a/libmisc/stpecpy.c b/lib/stpecpy.c
+similarity index 100%
+rename from libmisc/stpecpy.c
+rename to lib/stpecpy.c
+diff --git a/libmisc/stpeprintf.c b/lib/stpeprintf.c
+similarity index 100%
+rename from libmisc/stpeprintf.c
+rename to lib/stpeprintf.c
+diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
+index 10bf1537f..5eba4650a 100644
+--- a/libmisc/Makefile.am
++++ b/libmisc/Makefile.am
+@@ -16,12 +16,8 @@ libmisc_la_SOURCES = \
+ addgrps.c \
+ age.c \
+ agetpass.c \
+- alloc.c \
+- ../lib/alloc.h \
+ audit_help.c \
+ basename.c \
+- bit.c \
+- ../lib/bit.h \
+ chkname.c \
+ chkname.h \
+ chowndir.c \
+@@ -53,7 +49,6 @@ libmisc_la_SOURCES = \
+ list.c \
+ loginprompt.c \
+ mail.c \
+- mempcpy.c \
+ motd.c \
+ myname.c \
+ obscure.c \
+@@ -71,10 +66,6 @@ libmisc_la_SOURCES = \
+ setugid.c \
+ setupenv.c \
+ shell.c \
+- stpecpy.c \
+- ../lib/stpecpy.h \
+- stpeprintf.c \
+- ../lib/stpeprintf.h \
+ strtoday.c \
+ sub.c \
+ sulog.c \
+From 093fb605f9ca0df8310210377b12c0cf2ea5110c Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Mon, 28 Aug 2023 12:54:22 +0200
+Subject: [PATCH] lib: Merge libmisc into libshadow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The separation was unnecessary, and caused build problems. Let's go
+wild and obliterate the library. The files are moved to libshadow.
+
+Scripted change:
+
+$ find libmisc/ -type f \
+| grep '\.[chy]$' \
+| xargs mv -t lib;
+
+Plus updating the Makefile and other references. While at it, I've
+sorted the sources lists.
+
+Link: <https://github.com/shadow-maint/shadow/pull/792>
+Reported-by: David Seifert <soap@gentoo.org>
+Cc: Sam James <sam@gentoo.org>
+Cc: Christian Bricart <christian@bricart.de>
+Cc: Michael Vetter <jubalh@iodoru.org>
+Cc: Robert Förster <Dessa@gmake.de>
+[ soap tested the Gentoo package ]
+Tested-by: David Seifert <soap@gentoo.org>
+Acked-by: David Seifert <soap@gentoo.org>
+Acked-by: Serge Hallyn <serge@hallyn.com>
+Acked-by: Iker Pedrosa <ipedrosa@redhat.com>
+Acked-by: <lslebodn@fedoraproject.org>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+---
+ .gitignore | 2 +-
+ Makefile.am | 2 +-
+ TODO | 4 +-
+ configure.ac | 1 -
+ lib/Makefile.am | 125 ++++++++++++++++++--
+ {libmisc => lib}/addgrps.c | 0
+ {libmisc => lib}/age.c | 0
+ {libmisc => lib}/agetpass.c | 0
+ {libmisc => lib}/audit_help.c | 0
+ {libmisc => lib}/basename.c | 0
+ {libmisc => lib}/btrfs.c | 0
+ {libmisc => lib}/chkname.c | 0
+ {libmisc => lib}/chkname.h | 0
+ {libmisc => lib}/chowndir.c | 0
+ {libmisc => lib}/chowntty.c | 0
+ {libmisc => lib}/cleanup.c | 0
+ {libmisc => lib}/cleanup_group.c | 0
+ {libmisc => lib}/cleanup_user.c | 0
+ {libmisc => lib}/console.c | 0
+ {libmisc => lib}/copydir.c | 0
+ {libmisc => lib}/csrand.c | 0
+ {libmisc => lib}/date_to_str.c | 0
+ {libmisc => lib}/entry.c | 0
+ {libmisc => lib}/env.c | 0
+ {libmisc => lib}/failure.c | 0
+ {libmisc => lib}/failure.h | 0
+ {libmisc => lib}/find_new_gid.c | 0
+ {libmisc => lib}/find_new_sub_gids.c | 0
+ {libmisc => lib}/find_new_sub_uids.c | 0
+ {libmisc => lib}/find_new_uid.c | 0
+ {libmisc => lib}/freezero.c | 0
+ {libmisc => lib}/freezero.h | 0
+ {libmisc => lib}/getdate.h | 0
+ {libmisc => lib}/getdate.y | 0
+ {libmisc => lib}/getgr_nam_gid.c | 0
+ {libmisc => lib}/getrange.c | 0
+ {libmisc => lib}/gettime.c | 0
+ {libmisc => lib}/hushed.c | 0
+ {libmisc => lib}/idmapping.c | 0
+ {libmisc => lib}/idmapping.h | 0
+ {libmisc => lib}/isexpired.c | 0
+ {libmisc => lib}/limits.c | 0
+ {libmisc => lib}/list.c | 0
+ {libmisc => lib}/log.c | 0
+ {libmisc => lib}/logind.c | 0
+ {libmisc => lib}/loginprompt.c | 0
+ {libmisc => lib}/mail.c | 0
+ {libmisc => lib}/motd.c | 0
+ {libmisc => lib}/myname.c | 0
+ {libmisc => lib}/obscure.c | 0
+ {libmisc => lib}/pam_pass.c | 0
+ {libmisc => lib}/pam_pass_non_interactive.c | 0
+ {libmisc => lib}/prefix_flag.c | 0
+ lib/prototypes.h | 2 +-
+ {libmisc => lib}/pwd2spwd.c | 0
+ {libmisc => lib}/pwd_init.c | 0
+ {libmisc => lib}/pwdcheck.c | 0
+ {libmisc => lib}/readpassphrase.c | 0
+ {libmisc => lib}/readpassphrase.h | 0
+ {libmisc => lib}/remove_tree.c | 0
+ {libmisc => lib}/rlogin.c | 0
+ {libmisc => lib}/root_flag.c | 0
+ {libmisc => lib}/salt.c | 0
+ {libmisc => lib}/setugid.c | 0
+ {libmisc => lib}/setupenv.c | 0
+ {libmisc => lib}/shell.c | 0
+ {libmisc => lib}/strtoday.c | 0
+ {libmisc => lib}/sub.c | 0
+ {libmisc => lib}/sulog.c | 0
+ {libmisc => lib}/ttytype.c | 0
+ {libmisc => lib}/tz.c | 0
+ {libmisc => lib}/ulimit.c | 0
+ {libmisc => lib}/user_busy.c | 0
+ {libmisc => lib}/utmp.c | 0
+ {libmisc => lib}/valid.c | 0
+ {libmisc => lib}/xgetXXbyYY.c | 0
+ {libmisc => lib}/xgetgrgid.c | 0
+ {libmisc => lib}/xgetgrnam.c | 0
+ {libmisc => lib}/xgetpwnam.c | 0
+ {libmisc => lib}/xgetpwuid.c | 0
+ {libmisc => lib}/xgetspnam.c | 0
+ {libmisc => lib}/xprefix_getpwnam.c | 0
+ {libmisc => lib}/yesno.c | 0
+ libmisc/.indent.pro | 5 -
+ libmisc/Makefile.am | 105 ----------------
+ libsubid/Makefile.am | 2 -
+ po/POTFILES.in | 116 +++++++++---------
+ src/Makefile.am | 14 +--
+ src/su.c | 4 +-
+ tests/common/config.sh | 2 -
+ tests/libsubid/04_nss/Makefile | 4 +-
+ 91 files changed, 180 insertions(+), 208 deletions(-)
+ rename {libmisc => lib}/addgrps.c (100%)
+ rename {libmisc => lib}/age.c (100%)
+ rename {libmisc => lib}/agetpass.c (100%)
+ rename {libmisc => lib}/audit_help.c (100%)
+ rename {libmisc => lib}/basename.c (100%)
+ rename {libmisc => lib}/btrfs.c (100%)
+ rename {libmisc => lib}/chkname.c (100%)
+ rename {libmisc => lib}/chkname.h (100%)
+ rename {libmisc => lib}/chowndir.c (100%)
+ rename {libmisc => lib}/chowntty.c (100%)
+ rename {libmisc => lib}/cleanup.c (100%)
+ rename {libmisc => lib}/cleanup_group.c (100%)
+ rename {libmisc => lib}/cleanup_user.c (100%)
+ rename {libmisc => lib}/console.c (100%)
+ rename {libmisc => lib}/copydir.c (100%)
+ rename {libmisc => lib}/csrand.c (100%)
+ rename {libmisc => lib}/date_to_str.c (100%)
+ rename {libmisc => lib}/entry.c (100%)
+ rename {libmisc => lib}/env.c (100%)
+ rename {libmisc => lib}/failure.c (100%)
+ rename {libmisc => lib}/failure.h (100%)
+ rename {libmisc => lib}/find_new_gid.c (100%)
+ rename {libmisc => lib}/find_new_sub_gids.c (100%)
+ rename {libmisc => lib}/find_new_sub_uids.c (100%)
+ rename {libmisc => lib}/find_new_uid.c (100%)
+ rename {libmisc => lib}/freezero.c (100%)
+ rename {libmisc => lib}/freezero.h (100%)
+ rename {libmisc => lib}/getdate.h (100%)
+ rename {libmisc => lib}/getdate.y (100%)
+ rename {libmisc => lib}/getgr_nam_gid.c (100%)
+ rename {libmisc => lib}/getrange.c (100%)
+ rename {libmisc => lib}/gettime.c (100%)
+ rename {libmisc => lib}/hushed.c (100%)
+ rename {libmisc => lib}/idmapping.c (100%)
+ rename {libmisc => lib}/idmapping.h (100%)
+ rename {libmisc => lib}/isexpired.c (100%)
+ rename {libmisc => lib}/limits.c (100%)
+ rename {libmisc => lib}/list.c (100%)
+ rename {libmisc => lib}/log.c (100%)
+ rename {libmisc => lib}/logind.c (100%)
+ rename {libmisc => lib}/loginprompt.c (100%)
+ rename {libmisc => lib}/mail.c (100%)
+ rename {libmisc => lib}/motd.c (100%)
+ rename {libmisc => lib}/myname.c (100%)
+ rename {libmisc => lib}/obscure.c (100%)
+ rename {libmisc => lib}/pam_pass.c (100%)
+ rename {libmisc => lib}/pam_pass_non_interactive.c (100%)
+ rename {libmisc => lib}/prefix_flag.c (100%)
+ rename {libmisc => lib}/pwd2spwd.c (100%)
+ rename {libmisc => lib}/pwd_init.c (100%)
+ rename {libmisc => lib}/pwdcheck.c (100%)
+ rename {libmisc => lib}/readpassphrase.c (100%)
+ rename {libmisc => lib}/readpassphrase.h (100%)
+ rename {libmisc => lib}/remove_tree.c (100%)
+ rename {libmisc => lib}/rlogin.c (100%)
+ rename {libmisc => lib}/root_flag.c (100%)
+ rename {libmisc => lib}/salt.c (100%)
+ rename {libmisc => lib}/setugid.c (100%)
+ rename {libmisc => lib}/setupenv.c (100%)
+ rename {libmisc => lib}/shell.c (100%)
+ rename {libmisc => lib}/strtoday.c (100%)
+ rename {libmisc => lib}/sub.c (100%)
+ rename {libmisc => lib}/sulog.c (100%)
+ rename {libmisc => lib}/ttytype.c (100%)
+ rename {libmisc => lib}/tz.c (100%)
+ rename {libmisc => lib}/ulimit.c (100%)
+ rename {libmisc => lib}/user_busy.c (100%)
+ rename {libmisc => lib}/utmp.c (100%)
+ rename {libmisc => lib}/valid.c (100%)
+ rename {libmisc => lib}/xgetXXbyYY.c (100%)
+ rename {libmisc => lib}/xgetgrgid.c (100%)
+ rename {libmisc => lib}/xgetgrnam.c (100%)
+ rename {libmisc => lib}/xgetpwnam.c (100%)
+ rename {libmisc => lib}/xgetpwuid.c (100%)
+ rename {libmisc => lib}/xgetspnam.c (100%)
+ rename {libmisc => lib}/xprefix_getpwnam.c (100%)
+ rename {libmisc => lib}/yesno.c (100%)
+ delete mode 100644 libmisc/.indent.pro
+ delete mode 100644 libmisc/Makefile.am
+
+diff --git a/Makefile.am b/Makefile.am
+index 630e2aa9c..d8dfc3bf7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2,7 +2,7 @@
+
+ EXTRA_DIST = NEWS README TODO shadow.spec.in
+
+-SUBDIRS = libmisc lib
++SUBDIRS = lib
+
+ if ENABLE_SUBIDS
+ SUBDIRS += libsubid
+diff --git a/TODO b/TODO
+index 8783ccd13..62571f5fd 100644
+--- a/TODO
++++ b/TODO
+@@ -10,13 +10,13 @@
+
+ Check when RLOGIN is enabled if ruserok() exists
+
+-Move selinux_file_context out of libmisc/copydir.c
++Move selinux_file_context out of lib/copydir.c
+
+ Review hardcoded root account?
+
+ review all call to strto
+
+-libmisc/cleanup_user.c
++lib/cleanup_user.c
+ cleanup needed (cleanup_report_add_user* not used)
+
+
+diff --git a/configure.ac b/configure.ac
+index f4fadc52b..b3bbf57d8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -753,7 +753,6 @@ AC_CONFIG_FILES([
+ man/uk/Makefile
+ man/zh_CN/Makefile
+ man/zh_TW/Makefile
+- libmisc/Makefile
+ lib/Makefile
+ libsubid/Makefile
+ libsubid/subid.h
+diff --git a/lib/Makefile.am b/lib/Makefile.am
+index 7f3f7f639..ca73313dc 100644
+--- a/lib/Makefile.am
++++ b/lib/Makefile.am
+@@ -5,64 +5,117 @@ DEFS =
+
+ noinst_LTLIBRARIES = libshadow.la
+
++if USE_PAM
++LIBCRYPT_PAM = $(LIBCRYPT)
++else
++LIBCRYPT_PAM =
++endif
++
++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
++
+ libshadow_la_CPPFLAGS = $(ECONF_CPPFLAGS)
+ if HAVE_VENDORDIR
+ libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
+ endif
+
+ libshadow_la_CPPFLAGS += -I$(top_srcdir)
+-libshadow_la_CFLAGS = $(LIBBSD_CFLAGS)
++libshadow_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+
+ libshadow_la_SOURCES = \
++ addgrps.c \
++ age.c \
++ agetpass.c \
+ alloc.c \
+ alloc.h \
++ audit_help.c \
++ basename.c \
+ bit.c \
+ bit.h \
++ chkname.c \
++ chkname.h \
++ chowndir.c \
++ chowntty.c \
++ cleanup.c \
++ cleanup_group.c \
++ cleanup_user.c \
+ commonio.c \
+ commonio.h \
++ console.c \
++ copydir.c \
++ csrand.c \
++ date_to_str.c \
+ defines.h \
+ encrypt.c \
++ entry.c \
++ env.c \
+ exitcodes.h \
+ faillog.h \
++ failure.c \
++ failure.h \
+ fields.c \
++ find_new_gid.c \
++ find_new_uid.c \
++ find_new_sub_gids.c \
++ find_new_sub_uids.c \
+ fputsx.c \
+- getdef.c \
+- getdef.h \
+ get_gid.c \
+- getlong.c \
+ get_pid.c \
+ get_uid.c \
++ getdate.h \
++ getdate.y \
++ getdef.c \
++ getdef.h \
++ getlong.c \
++ getgr_nam_gid.c \
++ getrange.c \
++ gettime.c \
+ getulong.c \
+ groupio.c \
+ groupmem.c \
+ groupio.h \
+ gshadow.c \
++ hushed.c \
++ idmapping.h \
++ idmapping.c \
++ isexpired.c \
++ limits.c \
++ list.c \
+ lockpw.c \
++ loginprompt.c \
++ mail.c \
+ mempcpy.c \
+ mempcpy.h \
++ motd.c \
++ myname.c \
+ nss.c \
+ nscd.c \
+ nscd.h \
+- shadowlog.c \
+- shadowlog.h \
+- shadowlog_internal.h \
+- sssd.c \
+- sssd.h \
++ obscure.c \
+ pam_defs.h \
++ pam_pass.c \
++ pam_pass_non_interactive.c \
+ port.c \
+ port.h \
++ prefix_flag.c \
+ prototypes.h \
+ pwauth.c \
+ pwauth.h \
+ pwio.c \
+ pwio.h \
++ pwd_init.c \
++ pwd2spwd.c \
++ pwdcheck.c \
+ pwmem.c \
++ remove_tree.c \
++ rlogin.c \
++ root_flag.c \
+ run_part.h \
+ run_part.c \
+- subordinateio.h \
+- subordinateio.c \
++ salt.c \
+ selinux.c \
+ semanage.c \
++ setugid.c \
++ setupenv.c \
+ sgetgrent.c \
+ sgetpwent.c \
+ sgetspent.c \
+@@ -71,18 +124,63 @@ libshadow_la_SOURCES = \
+ shadow.c \
+ shadowio.c \
+ shadowio.h \
++ shadowlog.c \
++ shadowlog.h \
++ shadowlog_internal.h \
+ shadowmem.c \
++ shell.c \
+ spawn.c \
++ sssd.c \
++ sssd.h \
+ stpecpy.c \
+ stpecpy.h \
+ stpeprintf.c \
+ stpeprintf.h \
+- write_full.c
++ strtoday.c \
++ sub.c \
++ subordinateio.h \
++ subordinateio.c \
++ sulog.c \
++ ttytype.c \
++ tz.c \
++ ulimit.c \
++ user_busy.c \
++ valid.c \
++ write_full.c \
++ xgetpwnam.c \
++ xprefix_getpwnam.c \
++ xgetpwuid.c \
++ xgetgrnam.c \
++ xgetgrgid.c \
++ xgetspnam.c \
++ yesno.c
+
+ if WITH_TCB
+ libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
+ endif
+
++if WITH_BTRFS
++libshadow_la_SOURCES += btrfs.c
++endif
++
++if ENABLE_LASTLOG
++libshadow_la_SOURCES += log.c
++endif
++
++if ENABLE_LOGIND
++libshadow_la_SOURCES += logind.c
++else
++libshadow_la_SOURCES += utmp.c
++endif
++
++if !WITH_LIBBSD
++libshadow_la_SOURCES += \
++ freezero.h \
++ freezero.c \
++ readpassphrase.h \
++ readpassphrase.c
++endif
++
+ # These files are unneeded for some reason, listed in
+ # order of appearance:
+ #
+@@ -90,4 +188,5 @@ endif
+
+ EXTRA_DIST = \
+ .indent.pro \
+- gshadow_.h
++ gshadow_.h \
++ xgetXXbyYY.c
+diff --git a/libmisc/addgrps.c b/lib/addgrps.c
+similarity index 100%
+rename from libmisc/addgrps.c
+rename to lib/addgrps.c
+diff --git a/libmisc/age.c b/lib/age.c
+similarity index 100%
+rename from libmisc/age.c
+rename to lib/age.c
+diff --git a/libmisc/agetpass.c b/lib/agetpass.c
+similarity index 100%
+rename from libmisc/agetpass.c
+rename to lib/agetpass.c
+diff --git a/libmisc/audit_help.c b/lib/audit_help.c
+similarity index 100%
+rename from libmisc/audit_help.c
+rename to lib/audit_help.c
+diff --git a/libmisc/basename.c b/lib/basename.c
+similarity index 100%
+rename from libmisc/basename.c
+rename to lib/basename.c
+diff --git a/libmisc/btrfs.c b/lib/btrfs.c
+similarity index 100%
+rename from libmisc/btrfs.c
+rename to lib/btrfs.c
+diff --git a/libmisc/chkname.c b/lib/chkname.c
+similarity index 100%
+rename from libmisc/chkname.c
+rename to lib/chkname.c
+diff --git a/libmisc/chkname.h b/lib/chkname.h
+similarity index 100%
+rename from libmisc/chkname.h
+rename to lib/chkname.h
+diff --git a/libmisc/chowndir.c b/lib/chowndir.c
+similarity index 100%
+rename from libmisc/chowndir.c
+rename to lib/chowndir.c
+diff --git a/libmisc/chowntty.c b/lib/chowntty.c
+similarity index 100%
+rename from libmisc/chowntty.c
+rename to lib/chowntty.c
+diff --git a/libmisc/cleanup.c b/lib/cleanup.c
+similarity index 100%
+rename from libmisc/cleanup.c
+rename to lib/cleanup.c
+diff --git a/libmisc/cleanup_group.c b/lib/cleanup_group.c
+similarity index 100%
+rename from libmisc/cleanup_group.c
+rename to lib/cleanup_group.c
+diff --git a/libmisc/cleanup_user.c b/lib/cleanup_user.c
+similarity index 100%
+rename from libmisc/cleanup_user.c
+rename to lib/cleanup_user.c
+diff --git a/libmisc/console.c b/lib/console.c
+similarity index 100%
+rename from libmisc/console.c
+rename to lib/console.c
+diff --git a/libmisc/copydir.c b/lib/copydir.c
+similarity index 100%
+rename from libmisc/copydir.c
+rename to lib/copydir.c
+diff --git a/libmisc/csrand.c b/lib/csrand.c
+similarity index 100%
+rename from libmisc/csrand.c
+rename to lib/csrand.c
+diff --git a/libmisc/date_to_str.c b/lib/date_to_str.c
+similarity index 100%
+rename from libmisc/date_to_str.c
+rename to lib/date_to_str.c
+diff --git a/libmisc/entry.c b/lib/entry.c
+similarity index 100%
+rename from libmisc/entry.c
+rename to lib/entry.c
+diff --git a/libmisc/env.c b/lib/env.c
+similarity index 100%
+rename from libmisc/env.c
+rename to lib/env.c
+diff --git a/libmisc/failure.c b/lib/failure.c
+similarity index 100%
+rename from libmisc/failure.c
+rename to lib/failure.c
+diff --git a/libmisc/failure.h b/lib/failure.h
+similarity index 100%
+rename from libmisc/failure.h
+rename to lib/failure.h
+diff --git a/libmisc/find_new_gid.c b/lib/find_new_gid.c
+similarity index 100%
+rename from libmisc/find_new_gid.c
+rename to lib/find_new_gid.c
+diff --git a/libmisc/find_new_sub_gids.c b/lib/find_new_sub_gids.c
+similarity index 100%
+rename from libmisc/find_new_sub_gids.c
+rename to lib/find_new_sub_gids.c
+diff --git a/libmisc/find_new_sub_uids.c b/lib/find_new_sub_uids.c
+similarity index 100%
+rename from libmisc/find_new_sub_uids.c
+rename to lib/find_new_sub_uids.c
+diff --git a/libmisc/find_new_uid.c b/lib/find_new_uid.c
+similarity index 100%
+rename from libmisc/find_new_uid.c
+rename to lib/find_new_uid.c
+diff --git a/libmisc/freezero.c b/lib/freezero.c
+similarity index 100%
+rename from libmisc/freezero.c
+rename to lib/freezero.c
+diff --git a/libmisc/freezero.h b/lib/freezero.h
+similarity index 100%
+rename from libmisc/freezero.h
+rename to lib/freezero.h
+diff --git a/libmisc/getdate.h b/lib/getdate.h
+similarity index 100%
+rename from libmisc/getdate.h
+rename to lib/getdate.h
+diff --git a/libmisc/getdate.y b/lib/getdate.y
+similarity index 100%
+rename from libmisc/getdate.y
+rename to lib/getdate.y
+diff --git a/libmisc/getgr_nam_gid.c b/lib/getgr_nam_gid.c
+similarity index 100%
+rename from libmisc/getgr_nam_gid.c
+rename to lib/getgr_nam_gid.c
+diff --git a/libmisc/getrange.c b/lib/getrange.c
+similarity index 100%
+rename from libmisc/getrange.c
+rename to lib/getrange.c
+diff --git a/libmisc/gettime.c b/lib/gettime.c
+similarity index 100%
+rename from libmisc/gettime.c
+rename to lib/gettime.c
+diff --git a/libmisc/hushed.c b/lib/hushed.c
+similarity index 100%
+rename from libmisc/hushed.c
+rename to lib/hushed.c
+diff --git a/libmisc/idmapping.c b/lib/idmapping.c
+similarity index 100%
+rename from libmisc/idmapping.c
+rename to lib/idmapping.c
+diff --git a/libmisc/idmapping.h b/lib/idmapping.h
+similarity index 100%
+rename from libmisc/idmapping.h
+rename to lib/idmapping.h
+diff --git a/libmisc/isexpired.c b/lib/isexpired.c
+similarity index 100%
+rename from libmisc/isexpired.c
+rename to lib/isexpired.c
+diff --git a/libmisc/limits.c b/lib/limits.c
+similarity index 100%
+rename from libmisc/limits.c
+rename to lib/limits.c
+diff --git a/libmisc/list.c b/lib/list.c
+similarity index 100%
+rename from libmisc/list.c
+rename to lib/list.c
+diff --git a/libmisc/log.c b/lib/log.c
+similarity index 100%
+rename from libmisc/log.c
+rename to lib/log.c
+diff --git a/libmisc/logind.c b/lib/logind.c
+similarity index 100%
+rename from libmisc/logind.c
+rename to lib/logind.c
+diff --git a/libmisc/loginprompt.c b/lib/loginprompt.c
+similarity index 100%
+rename from libmisc/loginprompt.c
+rename to lib/loginprompt.c
+diff --git a/libmisc/mail.c b/lib/mail.c
+similarity index 100%
+rename from libmisc/mail.c
+rename to lib/mail.c
+diff --git a/libmisc/motd.c b/lib/motd.c
+similarity index 100%
+rename from libmisc/motd.c
+rename to lib/motd.c
+diff --git a/libmisc/myname.c b/lib/myname.c
+similarity index 100%
+rename from libmisc/myname.c
+rename to lib/myname.c
+diff --git a/libmisc/obscure.c b/lib/obscure.c
+similarity index 100%
+rename from libmisc/obscure.c
+rename to lib/obscure.c
+diff --git a/libmisc/pam_pass.c b/lib/pam_pass.c
+similarity index 100%
+rename from libmisc/pam_pass.c
+rename to lib/pam_pass.c
+diff --git a/libmisc/pam_pass_non_interactive.c b/lib/pam_pass_non_interactive.c
+similarity index 100%
+rename from libmisc/pam_pass_non_interactive.c
+rename to lib/pam_pass_non_interactive.c
+diff --git a/libmisc/prefix_flag.c b/lib/prefix_flag.c
+similarity index 100%
+rename from libmisc/prefix_flag.c
+rename to lib/prefix_flag.c
+diff --git a/lib/prototypes.h b/lib/prototypes.h
+index 47ed2ca1c..25ee3a093 100644
+--- a/lib/prototypes.h
++++ b/lib/prototypes.h
+@@ -10,7 +10,7 @@
+ /*
+ * prototypes.h
+ *
+- * prototypes of libmisc functions, and private lib functions.
++ * prototypes of some lib functions, and private lib functions.
+ *
+ * $Id$
+ *
+diff --git a/libmisc/pwd2spwd.c b/lib/pwd2spwd.c
+similarity index 100%
+rename from libmisc/pwd2spwd.c
+rename to lib/pwd2spwd.c
+diff --git a/libmisc/pwd_init.c b/lib/pwd_init.c
+similarity index 100%
+rename from libmisc/pwd_init.c
+rename to lib/pwd_init.c
+diff --git a/libmisc/pwdcheck.c b/lib/pwdcheck.c
+similarity index 100%
+rename from libmisc/pwdcheck.c
+rename to lib/pwdcheck.c
+diff --git a/libmisc/readpassphrase.c b/lib/readpassphrase.c
+similarity index 100%
+rename from libmisc/readpassphrase.c
+rename to lib/readpassphrase.c
+diff --git a/libmisc/readpassphrase.h b/lib/readpassphrase.h
+similarity index 100%
+rename from libmisc/readpassphrase.h
+rename to lib/readpassphrase.h
+diff --git a/libmisc/remove_tree.c b/lib/remove_tree.c
+similarity index 100%
+rename from libmisc/remove_tree.c
+rename to lib/remove_tree.c
+diff --git a/libmisc/rlogin.c b/lib/rlogin.c
+similarity index 100%
+rename from libmisc/rlogin.c
+rename to lib/rlogin.c
+diff --git a/libmisc/root_flag.c b/lib/root_flag.c
+similarity index 100%
+rename from libmisc/root_flag.c
+rename to lib/root_flag.c
+diff --git a/libmisc/salt.c b/lib/salt.c
+similarity index 100%
+rename from libmisc/salt.c
+rename to lib/salt.c
+diff --git a/libmisc/setugid.c b/lib/setugid.c
+similarity index 100%
+rename from libmisc/setugid.c
+rename to lib/setugid.c
+diff --git a/libmisc/setupenv.c b/lib/setupenv.c
+similarity index 100%
+rename from libmisc/setupenv.c
+rename to lib/setupenv.c
+diff --git a/libmisc/shell.c b/lib/shell.c
+similarity index 100%
+rename from libmisc/shell.c
+rename to lib/shell.c
+diff --git a/libmisc/strtoday.c b/lib/strtoday.c
+similarity index 100%
+rename from libmisc/strtoday.c
+rename to lib/strtoday.c
+diff --git a/libmisc/sub.c b/lib/sub.c
+similarity index 100%
+rename from libmisc/sub.c
+rename to lib/sub.c
+diff --git a/libmisc/sulog.c b/lib/sulog.c
+similarity index 100%
+rename from libmisc/sulog.c
+rename to lib/sulog.c
+diff --git a/libmisc/ttytype.c b/lib/ttytype.c
+similarity index 100%
+rename from libmisc/ttytype.c
+rename to lib/ttytype.c
+diff --git a/libmisc/tz.c b/lib/tz.c
+similarity index 100%
+rename from libmisc/tz.c
+rename to lib/tz.c
+diff --git a/libmisc/ulimit.c b/lib/ulimit.c
+similarity index 100%
+rename from libmisc/ulimit.c
+rename to lib/ulimit.c
+diff --git a/libmisc/user_busy.c b/lib/user_busy.c
+similarity index 100%
+rename from libmisc/user_busy.c
+rename to lib/user_busy.c
+diff --git a/libmisc/utmp.c b/lib/utmp.c
+similarity index 100%
+rename from libmisc/utmp.c
+rename to lib/utmp.c
+diff --git a/libmisc/valid.c b/lib/valid.c
+similarity index 100%
+rename from libmisc/valid.c
+rename to lib/valid.c
+diff --git a/libmisc/xgetXXbyYY.c b/lib/xgetXXbyYY.c
+similarity index 100%
+rename from libmisc/xgetXXbyYY.c
+rename to lib/xgetXXbyYY.c
+diff --git a/libmisc/xgetgrgid.c b/lib/xgetgrgid.c
+similarity index 100%
+rename from libmisc/xgetgrgid.c
+rename to lib/xgetgrgid.c
+diff --git a/libmisc/xgetgrnam.c b/lib/xgetgrnam.c
+similarity index 100%
+rename from libmisc/xgetgrnam.c
+rename to lib/xgetgrnam.c
+diff --git a/libmisc/xgetpwnam.c b/lib/xgetpwnam.c
+similarity index 100%
+rename from libmisc/xgetpwnam.c
+rename to lib/xgetpwnam.c
+diff --git a/libmisc/xgetpwuid.c b/lib/xgetpwuid.c
+similarity index 100%
+rename from libmisc/xgetpwuid.c
+rename to lib/xgetpwuid.c
+diff --git a/libmisc/xgetspnam.c b/lib/xgetspnam.c
+similarity index 100%
+rename from libmisc/xgetspnam.c
+rename to lib/xgetspnam.c
+diff --git a/libmisc/xprefix_getpwnam.c b/lib/xprefix_getpwnam.c
+similarity index 100%
+rename from libmisc/xprefix_getpwnam.c
+rename to lib/xprefix_getpwnam.c
+diff --git a/libmisc/yesno.c b/lib/yesno.c
+similarity index 100%
+rename from libmisc/yesno.c
+rename to lib/yesno.c
+diff --git a/libmisc/.indent.pro b/libmisc/.indent.pro
+deleted file mode 100644
+index fe572bb76..000000000
+--- a/libmisc/.indent.pro
++++ /dev/null
+@@ -1,5 +0,0 @@
+--kr
+--i8
+--bad
+--pcs
+--l80
+diff --git a/libmisc/Makefile.am b/libmisc/Makefile.am
+deleted file mode 100644
+index 5eba4650a..000000000
+--- a/libmisc/Makefile.am
++++ /dev/null
+@@ -1,105 +0,0 @@
+-
+-EXTRA_DIST = .indent.pro xgetXXbyYY.c
+-
+-AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
+-
+-noinst_LTLIBRARIES = libmisc.la
+-
+-if USE_PAM
+-LIBCRYPT_PAM = $(LIBCRYPT)
+-else
+-LIBCRYPT_PAM =
+-endif
+-
+-libmisc_la_CFLAGS = $(LIBBSD_CFLAGS) $(LIBCRYPT_PAM) $(LIBSYSTEMD)
+-libmisc_la_SOURCES = \
+- addgrps.c \
+- age.c \
+- agetpass.c \
+- audit_help.c \
+- basename.c \
+- chkname.c \
+- chkname.h \
+- chowndir.c \
+- chowntty.c \
+- cleanup.c \
+- cleanup_group.c \
+- cleanup_user.c \
+- console.c \
+- copydir.c \
+- date_to_str.c \
+- entry.c \
+- env.c \
+- failure.c \
+- failure.h \
+- find_new_gid.c \
+- find_new_uid.c \
+- find_new_sub_gids.c \
+- find_new_sub_uids.c \
+- getdate.h \
+- getdate.y \
+- getgr_nam_gid.c \
+- getrange.c \
+- gettime.c \
+- hushed.c \
+- idmapping.h \
+- idmapping.c \
+- isexpired.c \
+- limits.c \
+- list.c \
+- loginprompt.c \
+- mail.c \
+- motd.c \
+- myname.c \
+- obscure.c \
+- pam_pass.c \
+- pam_pass_non_interactive.c \
+- prefix_flag.c \
+- pwd2spwd.c \
+- pwdcheck.c \
+- pwd_init.c \
+- csrand.c \
+- remove_tree.c \
+- rlogin.c \
+- root_flag.c \
+- salt.c \
+- setugid.c \
+- setupenv.c \
+- shell.c \
+- strtoday.c \
+- sub.c \
+- sulog.c \
+- ttytype.c \
+- tz.c \
+- ulimit.c \
+- user_busy.c \
+- valid.c \
+- xgetpwnam.c \
+- xprefix_getpwnam.c \
+- xgetpwuid.c \
+- xgetgrnam.c \
+- xgetgrgid.c \
+- xgetspnam.c \
+- yesno.c
+-
+-if WITH_BTRFS
+-libmisc_la_SOURCES += btrfs.c
+-endif
+-
+-if ENABLE_LASTLOG
+-libmisc_la_SOURCES += log.c
+-endif
+-
+-if ENABLE_LOGIND
+-libmisc_la_SOURCES += logind.c
+-else
+-libmisc_la_SOURCES += utmp.c
+-endif
+-
+-if !WITH_LIBBSD
+-libmisc_la_SOURCES += \
+- freezero.h \
+- freezero.c \
+- readpassphrase.h \
+- readpassphrase.c
+-endif
+diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am
+index 09ec3416d..5ba0ab357 100644
+--- a/libsubid/Makefile.am
++++ b/libsubid/Makefile.am
+@@ -21,10 +21,8 @@ MISCLIBS = \
+
+ libsubid_la_LIBADD = \
+ $(top_builddir)/lib/libshadow.la \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(MISCLIBS) -ldl
+
+ AM_CPPFLAGS = \
+ -I${top_srcdir}/lib \
+- -I${top_srcdir}/libmisc \
+ -DLOCALEDIR=\"$(datadir)/locale\"
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 0b318a5fe..d6c877519 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -1,24 +1,68 @@
+ # List of files which contain translatable strings.
+
++lib/addgrps.c
++lib/age.c
++lib/audit_help.c
++lib/basename.c
++lib/chkname.c
++lib/chowndir.c
++lib/chowntty.c
++lib/cleanup.c
++lib/cleanup_group.c
++lib/cleanup_user.c
+ lib/commonio.c
++lib/console.c
++lib/copydir.c
++lib/date_to_str.c
+ lib/encrypt.c
++lib/entry.c
++lib/env.c
++lib/failure.c
+ lib/fields.c
++lib/find_new_gid.c
++lib/find_new_sub_gids.c
++lib/find_new_sub_uids.c
++lib/find_new_uid.c
+ lib/fputsx.c
+-lib/getdef.c
+ lib/get_gid.c
+-lib/getlong.c
+ lib/get_uid.c
++lib/getdef.c
++lib/getlong.c
++lib/getgr_nam_gid.c
++lib/getrange.c
+ lib/groupio.c
+ lib/groupmem.c
+ lib/gshadow.c
++lib/hushed.c
++lib/idmapping.c
++lib/isexpired.c
++lib/limits.c
++lib/list.c
+ lib/lockpw.c
++lib/log.c
++lib/loginprompt.c
++lib/mail.c
++lib/motd.c
++lib/myname.c
+ lib/nscd.c
++lib/obscure.c
++lib/pam_pass.c
++lib/pam_pass_non_interactive.c
+ lib/port.c
+ lib/pwauth.c
++lib/pwd_init.c
++lib/pwd2spwd.c
++lib/pwdcheck.c
+ lib/pwio.c
+ lib/pwmem.c
++lib/remove_tree.c
++lib/rlogin.c
++lib/root_flag.c
++lib/salt.c
+ lib/selinux.c
+ lib/semanage.c
++lib/setugid.c
++lib/setupenv.c
+ lib/sgetgrent.c
+ lib/sgetpwent.c
+ lib/sgetspent.c
+@@ -26,64 +70,20 @@ lib/sgroupio.c
+ lib/shadow.c
+ lib/shadowio.c
+ lib/shadowmem.c
++lib/shell.c
+ lib/spawn.c
++lib/strtoday.c
++lib/sub.c
++lib/sulog.c
+ lib/tcbfuncs.c
+-libmisc/addgrps.c
+-libmisc/age.c
+-libmisc/audit_help.c
+-libmisc/basename.c
+-libmisc/chkname.c
+-libmisc/chowndir.c
+-libmisc/chowntty.c
+-libmisc/cleanup.c
+-libmisc/cleanup_group.c
+-libmisc/cleanup_user.c
+-libmisc/console.c
+-libmisc/copydir.c
+-libmisc/date_to_str.c
+-libmisc/entry.c
+-libmisc/env.c
+-libmisc/failure.c
+-libmisc/find_new_gid.c
+-libmisc/find_new_sub_gids.c
+-libmisc/find_new_sub_uids.c
+-libmisc/find_new_uid.c
+-libmisc/getgr_nam_gid.c
+-libmisc/getrange.c
+-libmisc/hushed.c
+-libmisc/idmapping.c
+-libmisc/isexpired.c
+-libmisc/limits.c
+-libmisc/list.c
+-libmisc/log.c
+-libmisc/loginprompt.c
+-libmisc/mail.c
+-libmisc/motd.c
+-libmisc/myname.c
+-libmisc/obscure.c
+-libmisc/pam_pass.c
+-libmisc/pam_pass_non_interactive.c
+-libmisc/pwd2spwd.c
+-libmisc/pwdcheck.c
+-libmisc/pwd_init.c
+-libmisc/remove_tree.c
+-libmisc/rlogin.c
+-libmisc/root_flag.c
+-libmisc/salt.c
+-libmisc/setugid.c
+-libmisc/setupenv.c
+-libmisc/shell.c
+-libmisc/strtoday.c
+-libmisc/sub.c
+-libmisc/sulog.c
+-libmisc/ttytype.c
+-libmisc/tz.c
+-libmisc/ulimit.c
+-libmisc/user_busy.c
+-libmisc/utmp.c
+-libmisc/valid.c
+-libmisc/xgetXXbyYY.c
+-libmisc/yesno.c
++lib/ttytype.c
++lib/tz.c
++lib/ulimit.c
++lib/user_busy.c
++lib/utmp.c
++lib/valid.c
++lib/xgetXXbyYY.c
++lib/yesno.c
+ src/chage.c
+ src/chfn.c
+ src/chgpasswd.c
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 585a0b7e9..fcfee9d2c 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -9,7 +9,6 @@ sgidperms = 2755
+
+ AM_CPPFLAGS = \
+ -I${top_srcdir}/lib \
+- -I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
+ -DLOCALEDIR=\"$(datadir)/locale\" \
+ $(ECONF_CPPFLAGS)
+@@ -85,7 +84,6 @@ shadowsgidubins = passwd
+ endif
+
+ LDADD = $(INTLLIBS) \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(top_builddir)/lib/libshadow.la \
+ $(LIBTCB)
+
+@@ -183,59 +181,49 @@ MISCLIBS = \
+
+ getsubids_LDADD = \
+ $(top_builddir)/lib/libshadow.la \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(top_builddir)/libsubid/libsubid.la \
+ $(MISCLIBS) -ldl
+
+ getsubids_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+- -I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
+ -I$(top_builddir)/libsubid
+
+ get_subid_owners_LDADD = \
+ $(top_builddir)/lib/libshadow.la \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(top_builddir)/libsubid/libsubid.la \
+ $(MISCLIBS) -ldl
+
+ get_subid_owners_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+- -I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
+ -I$(top_builddir)/libsubid
+
+ new_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+- -I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
+ -I$(top_builddir)/libsubid
+
+ new_subid_range_LDADD = \
+ $(top_builddir)/lib/libshadow.la \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(top_builddir)/libsubid/libsubid.la \
+ $(MISCLIBS) -ldl
+
+ free_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+- -I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
+ -I$(top_builddir)/libsubid
+
+ free_subid_range_LDADD = \
+ $(top_builddir)/lib/libshadow.la \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(top_builddir)/libsubid/libsubid.la \
+ $(MISCLIBS) -ldl
+
+ check_subid_range_CPPFLAGS = \
+ -I$(top_srcdir)/lib \
+- -I$(top_srcdir) \
+- -I$(top_srcdir)/libmisc
++ -I$(top_srcdir)
+
+ check_subid_range_LDADD = \
+ $(top_builddir)/lib/libshadow.la \
+- $(top_builddir)/libmisc/libmisc.la \
+ $(MISCLIBS) -ldl
+ endif
+diff --git a/src/su.c b/src/su.c
+index d8a208572..28445a300 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -97,8 +97,8 @@ static pid_t pid_child = 0;
+ * External identifiers
+ */
+
+-extern char **newenvp; /* libmisc/env.c */
+-extern size_t newenvc; /* libmisc/env.c */
++extern char **newenvp; /* lib/env.c */
++extern size_t newenvc; /* lib/env.c */
+
+ /* local function prototypes */
+
diff --git a/sys-apps/shadow/shadow-4.14.0-r2.ebuild b/sys-apps/shadow/shadow-4.14.0-r3.ebuild
similarity index 96%
rename from sys-apps/shadow/shadow-4.14.0-r2.ebuild
rename to sys-apps/shadow/shadow-4.14.0-r3.ebuild
index b56af87c4778..f968474c789e 100644
--- a/sys-apps/shadow/shadow-4.14.0-r2.ebuild
+++ b/sys-apps/shadow/shadow-4.14.0-r3.ebuild
@@ -3,12 +3,16 @@
EAPI=8
+if [[ ${PV} != 4.14.0 ]]; then
+ die "Please replace eautoreconf with elibtoolize and drop autotools when bumping!"
+fi
+
# Upstream sometimes pushes releases as pre-releases before marking them
# official. Don't keyword the pre-releases!
# Check https://github.com/shadow-maint/shadow/releases.
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/sergehallyn.asc
-inherit libtool pam verify-sig
+inherit autotools libtool pam verify-sig
DESCRIPTION="Utilities to deal with user accounts"
HOMEPAGE="https://github.com/shadow-maint/shadow"
@@ -66,9 +70,11 @@ BDEPEND="
"
src_prepare() {
+ local PATCHES=(
+ "${FILESDIR}"/shadow-4.14.0-bug912446.patch
+ )
default
-
- elibtoolize
+ eautoreconf
}
src_configure() {
^ permalink raw reply related [flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-09-19 0:55 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-21 8:24 [gentoo-commits] repo/gentoo:master commit in: sys-apps/shadow/files/, sys-apps/shadow/ Lars Wendler
-- strict thread matches above, loose matches on Subject: below --
2023-09-19 0:55 Mike Gilbert
2023-06-17 2:40 Sam James
2023-04-18 16:35 Mike Gilbert
2021-12-20 1:41 Sam James
2021-12-20 1:27 Sam James
2021-07-25 14:05 Lars Wendler
2019-12-01 21:50 Patrick McLean
2019-11-19 10:37 Lars Wendler
2018-02-17 12:50 Lars Wendler
2016-12-06 10:35 Lars Wendler
2016-12-05 22:20 Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox